f92ea3668a35fbf6e26ba93ed3c2ee31235e41013b79cd661aa061d1327540d9 | Triage

Resubmissions

03/03/2025, 00:30

250303-atjytszr17 7

26/05/2021, 16:56

210526-cxl24bzxyj 10

Analysis

max time kernel
38s
max time network
40s
platform
windows7_x64
resource
win7v20210408
submitted
26/05/2021, 16:56

Sharing

Report Analysis Logs

General

Target

ac7560fd5eae593bc3dd81a19f68647f.exe
Size

380KB
MD5

ac7560fd5eae593bc3dd81a19f68647f
SHA1

e6addb41986cf296d935f60d3d61f595dbd26857
SHA256

f92ea3668a35fbf6e26ba93ed3c2ee31235e41013b79cd661aa061d1327540d9
SHA512

eac194e25ec730dafb1ea03378ba33ba52bc3d01be785bd24a73ffcaf05a1b8c26c624238c27d6108b32d19dd5679d80493c2582190eb2e6d604365796e270ad

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1436	ac7560fd5eae593bc3dd81a19f68647f.tmp

Loads dropped DLL 4 IoCs

pid	Process
1776	ac7560fd5eae593bc3dd81a19f68647f.exe
1436	ac7560fd5eae593bc3dd81a19f68647f.tmp
1436	ac7560fd5eae593bc3dd81a19f68647f.tmp
1436	ac7560fd5eae593bc3dd81a19f68647f.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26
PID 1776 wrote to memory of 1436	1776	ac7560fd5eae593bc3dd81a19f68647f.exe	26

C:\Users\Admin\AppData\Local\Temp\ac7560fd5eae593bc3dd81a19f68647f.exe
"C:\Users\Admin\AppData\Local\Temp\ac7560fd5eae593bc3dd81a19f68647f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Users\Admin\AppData\Local\Temp\is-PI3FM.tmp\ac7560fd5eae593bc3dd81a19f68647f.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PI3FM.tmp\ac7560fd5eae593bc3dd81a19f68647f.tmp" /SL5="$30028,140518,56832,C:\Users\Admin\AppData\Local\Temp\ac7560fd5eae593bc3dd81a19f68647f.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1436-66-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1776-59-0x0000000075C31000-0x0000000075C33000-memory.dmp

Filesize
8KB

Download
memory/1776-60-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download