b2989e35351b59cd09af94f5c34a219c62c3a9dadd916388e383b3cf1681784c

Analysis

max time kernel
218s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.exe
Size

675KB
MD5

a2c8cbb73fea7bb34c92911d840d5508
SHA1

19d30711500ddeb81f14dd920421b2e7d7ed8e52
SHA256

d1bb60fd0965793e028ae7035157079f7b6c79165b40d75e7cf37c95ff08e642
SHA512

1756774b8b4256e45710d736ef3c86c195618f172c4a1c7c75f2142599bf17660abb918a056bdc795b7103e6b219fec1b0bedc85e0ccb244007e26a44e3c5b9d
SSDEEP

12288:D3WwcUo888888888888W88888888888/6LjdjDk33NwSH+aF+vkvC5rtTk5KODWa:TPcj6LjFS9jF6kvCUIODWkUM

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1248	1.tmp

Loads dropped DLL 3 IoCs

pid	Process
320	1.exe
1248	1.tmp
1248	1.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1248	1.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 1248	320	1.exe	27
PID 320 wrote to memory of 1248	320	1.exe	27
PID 320 wrote to memory of 1248	320	1.exe	27
PID 320 wrote to memory of 1248	320	1.exe	27
PID 320 wrote to memory of 1248	320	1.exe	27
PID 320 wrote to memory of 1248	320	1.exe	27
PID 320 wrote to memory of 1248	320	1.exe	27

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:320
- C:\Users\Admin\AppData\Local\Temp\is-B41UU.tmp\1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-B41UU.tmp\1.tmp" /SL5="$160150,141824,0,C:\Users\Admin\AppData\Local\Temp\1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-B41UU.tmp\1.tmp

Filesize
1.1MB

MD5
c2200909c2dd2fb3557861390f120529

SHA1
5b7669a6e307eec66b3ef167f29735426024c150

SHA256
55775133ec1b33c4771b5fc3c5164b2db183d15349eada5d061b2cc53249dc9a

SHA512
bf794271a56161e4c8cd9497f5a1a10efe96ada4c69e9e55983c4178a73ef91f66f96aaca62996f945b0f3b0a4a10e2207a7856760c9b537d48cf5c2cb1aaac5

Download Submit
\Users\Admin\AppData\Local\Temp\is-B41UU.tmp\1.tmp

Filesize
1.1MB

MD5
c2200909c2dd2fb3557861390f120529

SHA1
5b7669a6e307eec66b3ef167f29735426024c150

SHA256
55775133ec1b33c4771b5fc3c5164b2db183d15349eada5d061b2cc53249dc9a

SHA512
bf794271a56161e4c8cd9497f5a1a10efe96ada4c69e9e55983c4178a73ef91f66f96aaca62996f945b0f3b0a4a10e2207a7856760c9b537d48cf5c2cb1aaac5

Download Submit
\Users\Admin\AppData\Local\Temp\is-N75GL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-N75GL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/320-54-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download
memory/320-55-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/320-63-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads