Overview

overview

8

Static

static

7230ff517c...e6.exe

windows7-x64

8

7230ff517c...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7230ff517c8b738b9c79705e0babc8390159fbd1cd87f943693c75578cfb76e6.exe

  • Size

    91KB

  • MD5

    7e8bdf41803445660de274a30a32a7b4

  • SHA1

    d3a6000499f466f45ac74115d403fe70b50e1595

  • SHA256

    7230ff517c8b738b9c79705e0babc8390159fbd1cd87f943693c75578cfb76e6

  • SHA512

    4181f7fcc6603535202fed04bff41dd40638ac32e00b6d077955d234b1ad0bdabe45b89277eae7cc28d39406884f99b5efe31b1eea366c572f21fcfb10183e69

  • SSDEEP

    1536:96cZj8B7P0Zxd1v6dViOIxJGh74mDn2zuiRpcLygEJ333P5/q/k32c:Vj7H1v6WwDn2qNugE1Su2

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies data under HKEY_USERS 31 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7230ff517c8b738b9c79705e0babc8390159fbd1cd87f943693c75578cfb76e6.exe
    "C:\Users\Admin\AppData\Local\Temp\7230ff517c8b738b9c79705e0babc8390159fbd1cd87f943693c75578cfb76e6.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\\1670134357.cmd"
      2⤵
      • Deletes itself
      PID:268
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k java
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:1036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\oris.txt
    Filesize

    3KB

    MD5

    cb0d818d550425a05c0dabfa8612f90d

    SHA1

    df7b82d70588b584d708fca323fcea9c8b55b404

    SHA256

    c4a779eaf79565b566151266bdd08f351ab7c8bae210fd5e0d11b566d78c44c8

    SHA512

    16febe47d3860949feba1e83fa85ce30fdbf327e0cb0d4b8319a2d0763ab7226b1b488fc6b6d5238a79c872ff8dc8c3a160411c7fe8bbbda5c46d3766070b546

    Download Submit

  • C:\ProgramData\oris.txt
    Filesize

    3KB

    MD5

    cb0d818d550425a05c0dabfa8612f90d

    SHA1

    df7b82d70588b584d708fca323fcea9c8b55b404

    SHA256

    c4a779eaf79565b566151266bdd08f351ab7c8bae210fd5e0d11b566d78c44c8

    SHA512

    16febe47d3860949feba1e83fa85ce30fdbf327e0cb0d4b8319a2d0763ab7226b1b488fc6b6d5238a79c872ff8dc8c3a160411c7fe8bbbda5c46d3766070b546

    Download Submit

  • C:\ProgramData\oris.txt
    Filesize

    3KB

    MD5

    c045f35d3b123bfe60943f3a84d0f092

    SHA1

    993d4986065db185ca9787b5198edb6fcff1e9cc

    SHA256

    ad7ed7900357c81bf8fad4cae6a40557054132bff2acd2b66d06abde41a30963

    SHA512

    c49a6e74a28ed9c0fbe04c8f8629bca80d8af1a325d39735c1bc8c3ddaa07f2a93c9df83ab64cbef3fc7ff968b3d318215eeb979ab037c8bf38489975f9e29c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1670134357.cmd
    Filesize

    303B

    MD5

    1270cbc94479e36553ce60a3b1f14af3

    SHA1

    2a77235936e0a92fbba315fe90522590596fabaf

    SHA256

    bd0af13952f1965267d7949081ad8c66854c7322a0770e44c4e99590cb9a1b9f

    SHA512

    6e9866707dc419d9e282d3797bafd69a8708823293cca78edf2bd39849d1683aa09047fdf73355a27056375dd389579789d11da57effcb3e971a43c1c4ef0f00

    Download Submit

  • \??\c:\windows\SysWOW64\javatnktg.dll
    Filesize

    61KB

    MD5

    aedacf9f7adea69e9f5c46599c9478b8

    SHA1

    8f5094e31a13f7aab86f9b33014acddfbba9ec57

    SHA256

    9d4fb9a5ecbb678128f812304d6e4d6eb2df3d26b82a7d59f3bd3b8162e3f4d9

    SHA512

    4550fbcae26b6b3fd2a4cace27b414c2658baeb58de3b905d0b0b9c58314d392e85576b0435ce8aef852deab91f4fc20e6cccdfe013849636d0f44989ec7daec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ori317D.tmp
    Filesize

    61KB

    MD5

    aedacf9f7adea69e9f5c46599c9478b8

    SHA1

    8f5094e31a13f7aab86f9b33014acddfbba9ec57

    SHA256

    9d4fb9a5ecbb678128f812304d6e4d6eb2df3d26b82a7d59f3bd3b8162e3f4d9

    SHA512

    4550fbcae26b6b3fd2a4cace27b414c2658baeb58de3b905d0b0b9c58314d392e85576b0435ce8aef852deab91f4fc20e6cccdfe013849636d0f44989ec7daec

    Download Submit

  • \Windows\SysWOW64\javatnktg.dll
    Filesize

    61KB

    MD5

    aedacf9f7adea69e9f5c46599c9478b8

    SHA1

    8f5094e31a13f7aab86f9b33014acddfbba9ec57

    SHA256

    9d4fb9a5ecbb678128f812304d6e4d6eb2df3d26b82a7d59f3bd3b8162e3f4d9

    SHA512

    4550fbcae26b6b3fd2a4cace27b414c2658baeb58de3b905d0b0b9c58314d392e85576b0435ce8aef852deab91f4fc20e6cccdfe013849636d0f44989ec7daec

    Download Submit

  • memory/1340-57-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1340-65-0x0000000000220000-0x0000000000257000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1340-58-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1340-54-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1340-55-0x0000000000220000-0x0000000000257000-memory.dmp

    Filesize

    220KB

    Download