Overview

overview

8

Static

static

7b7bdb92ce...f9.exe

windows7-x64

8

7b7bdb92ce...f9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    172s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 08:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.exe

  • Size

    1.3MB

  • MD5

    ac03daf668ddfafed26c217fed4a8d34

  • SHA1

    35e22b0b9cad13e0e168df3faf799bc34fd5ba1b

  • SHA256

    7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9

  • SHA512

    3fcb39a82d1d7ec3888f4c3382fc22b7ce1987d85187ffc518ef646f74160f0551947c2db011cb40413c3b756abdfeeaf4961bbfcfdd80c67e9a70f0e1ccdad9

  • SSDEEP

    24576:8MjhgLVjQPY3MuR7y64jnYyqZVuQ/SZzg3kOnwpSiFgAtMM+b:/a1cWHxu+3kOeSiFgAeM+

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.exe
    "C:\Users\Admin\AppData\Local\Temp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Users\Admin\AppData\Local\Temp\is-5I1JQ.tmp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5I1JQ.tmp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.tmp" /SL5="$9006C,783834,244224,C:\Users\Admin\AppData\Local\Temp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5I1JQ.tmp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.tmp
    Filesize

    1.2MB

    MD5

    9800c0c3644c972ae40fff9b429ee5e2

    SHA1

    984df98a5f4833e9b517fd9a6b0b683eaf70c6b1

    SHA256

    06d42bd53783fefa79d4727e6f85d32e1baafed3589e1d08cd5d66b15695af7c

    SHA512

    585f3584dcdfefa1bcd4cabed3064c6cca01b8eead0c3397f19daf37c042691af8f6386a4c92f8a485ba9a8831269e7941757f6dcb7ea24d974d5c85400ca68f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-5I1JQ.tmp\7b7bdb92ce9b66c638099fb303074860078101add7c628ae46ec6c6f4535a9f9.tmp
    Filesize

    1.2MB

    MD5

    9800c0c3644c972ae40fff9b429ee5e2

    SHA1

    984df98a5f4833e9b517fd9a6b0b683eaf70c6b1

    SHA256

    06d42bd53783fefa79d4727e6f85d32e1baafed3589e1d08cd5d66b15695af7c

    SHA512

    585f3584dcdfefa1bcd4cabed3064c6cca01b8eead0c3397f19daf37c042691af8f6386a4c92f8a485ba9a8831269e7941757f6dcb7ea24d974d5c85400ca68f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-ETM5B.tmp\InstallerExtensions.dll
    Filesize

    108KB

    MD5

    e2c140bd3e030bc13e2e1cff89aa0bb5

    SHA1

    031522d0b2fa7f8fcffc41522c9dbc2c830a2bbc

    SHA256

    ed19e30134ab3f7569dd7b444e7e4e2d255e0383f587c519acd1a0138f790252

    SHA512

    68b1b3619ff53d9279fe097a9ff7667092aa34d5bce092eeed3dcb6988caaa861926ff50c4fe797d8c8ded65ed66dba7ce2213f59ea681014f38d74ebce6f17e

    Download Submit

  • memory/2808-132-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2808-137-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download