e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
22/11/2022, 08:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe
Size

5.5MB
MD5

e086adf0694d7e3cd546bff5426d7699
SHA1

e5c9542d80dd78924c425d73ab007702108fda90
SHA256

e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38
SHA512

a7ea59f9989d75cd261b4abeefa7f406533c356a9cf8ce6373d4e4bf35ac7634823374f8038233b522dfdf54b1790ce2adfe5c98285a6cae567841202cfc04f5
SSDEEP

98304:skLlDnTP0AIPSnkyXFbFqvb9/vJtkh7dAy9QdB4BC+4fo8os9YYHo9ti55ljy:LlzTP0LBgwbV50aB4hjYIj0n2

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1156	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.tmp

Loads dropped DLL 2 IoCs

pid	Process
1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe
1156	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28
PID 1144 wrote to memory of 1156	1144	e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe	28

C:\Users\Admin\AppData\Local\Temp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe
"C:\Users\Admin\AppData\Local\Temp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\is-88GO8.tmp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-88GO8.tmp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.tmp" /SL5="$70124,4926676,832512,C:\Users\Admin\AppData\Local\Temp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-88GO8.tmp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.tmp

Filesize
3.0MB

MD5
5225f0bd978edca0ebe6806d8996870e

SHA1
2bdafb0c3fa216d125f221ec56319bb0426d322b

SHA256
7bc2fc59c652644684717cf1661ee069971a32d44669eb58d5e152cab0e7b736

SHA512
2a3e9fbfd0837f506a47dc704a2a9e6ea1994b9d076ae4ff9ba22a5f20f7aa47849c54c5b0fc73e855d91b1eada94a5213376ba7132e650bdbe8af8c78e26fd2

Download Submit
\Users\Admin\AppData\Local\Temp\is-88GO8.tmp\e6911dd8ffac23601634befb567340ce7a390e5f86859bfc8e5a2489a8852c38.tmp

Filesize
3.0MB

MD5
5225f0bd978edca0ebe6806d8996870e

SHA1
2bdafb0c3fa216d125f221ec56319bb0426d322b

SHA256
7bc2fc59c652644684717cf1661ee069971a32d44669eb58d5e152cab0e7b736

SHA512
2a3e9fbfd0837f506a47dc704a2a9e6ea1994b9d076ae4ff9ba22a5f20f7aa47849c54c5b0fc73e855d91b1eada94a5213376ba7132e650bdbe8af8c78e26fd2

Download Submit
\Users\Admin\AppData\Local\Temp\is-S6D6P.tmp\valom.dll

Filesize
287KB

MD5
a3cc6c56abeecfb5dfa33019b3696045

SHA1
0193c28b906d8d1d72c344b6ad63060967d30b12

SHA256
63691e210c8fdcd061c6d6bcf19b2521e7bad75eb3c10487a65432b7d0537cea

SHA512
555d24ae1d673754b645daa28637517b236b5032681d6d5904393ffa2d1010a84c5d7f61206978b824c1050fa52e6cbb0064c2e4cb2dec96c1ead9cbc142587a

Download Submit
memory/1144-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1144-55-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1144-62-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1144-63-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads