Overview

overview

7

Static

static

7b53a00b3a...le.exe

windows7_x64

7

7b53a00b3a...le.exe

windows10_x64

7

Analysis

  • max time kernel
    118s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    22-07-2021 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.sample.exe

  • Size

    138KB

  • MD5

    6f772eb660bc05fc26df86c98ca49abc

  • SHA1

    8da75dd328c195b84f15740a33fc9888af4da2be

  • SHA256

    7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2

  • SHA512

    3e028cecf08ed4fe0100a7587f04ba4c4cebb023b371cc4e793a7dfb7be64a4d2ef8066fc352ea834c239cb7c5836626673e02fbaa63f4631b71d40c4cc284a1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.sample.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Windows\system32\msiexec.exe
      "C:\Windows\system32\msiexec.exe"
      2⤵
      • Deletes itself
      PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1072-59-0x0000000000910000-0x00000000009AF000-memory.dmp
    Filesize

    636KB

    Download
  • memory/1072-60-0x0000000000060000-0x000000000007F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1072-61-0x00000000009B0000-0x0000000000ADD000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1072-62-0x00000000001F0000-0x0000000000207000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1072-63-0x00000000013B0000-0x0000000001479000-memory.dmp
    Filesize

    804KB

    Download
  • memory/1072-64-0x0000000004120000-0x0000000004229000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1072-65-0x0000000000C50000-0x0000000000C51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1072-66-0x0000000000C60000-0x0000000000C61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1072-67-0x0000000001B90000-0x0000000001C01000-memory.dmp
    Filesize

    452KB

    Download
  • memory/1716-68-0x0000000000000000-mapping.dmp
    Download
  • memory/1716-69-0x000007FEFB6B1000-0x000007FEFB6B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1716-71-0x0000000000340000-0x0000000000368000-memory.dmp
    Filesize

    160KB

    Download