Overview

overview

10

Static

static

4e09c63602...72.exe

windows7-x64

10

4e09c63602...72.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    81s
  • max time network
    173s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2022 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972.exe

  • Size

    346KB

  • MD5

    6465ff23f054282177a15cc5f7ebc7ec

  • SHA1

    92c0033e076de238169f17c76a41fcbb8d10930d

  • SHA256

    4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972

  • SHA512

    507155b8dcc48b2e7a78a7771135588058f89985f7fe53ca546433a6d847d4b1c4dc61995d8159e3d5906eea64d49466cb78be236ca3bc5c448ae869b2328b16

Score
10/10
onlyloggerdiscoveryloader

Malware Config

Signatures

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 3 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972.exe
    "C:\Users\Admin\AppData\Local\Temp\4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972.exe"
    1⤵
      PID:564

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Network Service Scanning

    1
    T1046

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/564-54-0x00000000006D8000-0x00000000006FF000-memory.dmp
      Filesize

      156KB

      Download
    • memory/564-55-0x0000000075211000-0x0000000075213000-memory.dmp
      Filesize

      8KB

      Download
    • memory/564-57-0x0000000000220000-0x0000000000263000-memory.dmp
      Filesize

      268KB

      Download
    • memory/564-58-0x0000000000400000-0x000000000058A000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/564-56-0x00000000006D8000-0x00000000006FF000-memory.dmp
      Filesize

      156KB

      Download
    • memory/564-59-0x00000000006D8000-0x00000000006FF000-memory.dmp
      Filesize

      156KB

      Download
    • memory/564-60-0x0000000000400000-0x000000000058A000-memory.dmp
      Filesize

      1.5MB

      Download