Overview

overview

10

Static

static

448838b2a6...in.exe

windows7_x64

10

448838b2a6...in.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    01-10-2020 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    448838b2a60484ee78c2198f2c0c9c85.bin.exe

  • Size

    115KB

  • MD5

    448838b2a60484ee78c2198f2c0c9c85

  • SHA1

    f2c43a01cabaa694228f5354ea8c6bcf3b7a49b3

  • SHA256

    64d78eec46c9ddd4b9a366de62ba0f2813267dc4393bc79e4c9a51a9bb7e6273

  • SHA512

    9e532af06e5f4764529211e8c5c749baa7b01c72f11b603218c3c08d70cf1e732f8d9d81ec257ca247aaa96d1502150a2f402b1b3914780b6344222b007dd53f

Score
10/10
trojanslothfulmedia

Malware Config

Signatures

  • SlothfulMedia

    SlothfulMedia is a malware used by sophisticated threat actors that drops a remote access tool.

    trojanslothfulmedia
  • SlothfulMedia Main Payload 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\448838b2a60484ee78c2198f2c0c9c85.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\448838b2a60484ee78c2198f2c0c9c85.bin.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:240
    • C:\Users\Admin\AppData\Roaming\Media\mediaplayer.exe
      "C:\Users\Admin\AppData\Roaming\Media\mediaplayer.exe"
      2⤵
      • Executes dropped EXE
      PID:1860
    • C:\Users\Admin\AppData\Local\Temp\W5gEs.exe
      "C:\Users\Admin\AppData\Local\Temp\W5gEs.exe"
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2000-8-0x000007FEF7AF0000-0x000007FEF7D6A000-memory.dmp

    Filesize

    2.5MB

    Download