Overview

overview

7

Static

static

1

e32e4fb7ef...cb.exe

windows7-x64

7

e32e4fb7ef...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15/02/2023, 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.exe

  • Size

    12.1MB

  • MD5

    0784bfc4ba3aefc5e41676d06c64c955

  • SHA1

    f97c4855b79684613f6045baa1cdbec2a15a7097

  • SHA256

    e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb

  • SHA512

    87d9e34da6d3cd04f10d31d5102201a392e3290745dbf991deb3b3e2ba01cf705e92feecc1e976b7663faa8961758d597efd7d93b3aa35e6ca5105e0b38ebef1

  • SSDEEP

    196608:S8OcT6+O72bIhvAUJfSYoPie1ndP4Imp50MzzK7H4r2oWWI2HHSYGIA/Kg:SNc2bibjUQYmTnxDmp5VzzIH7o1yYKKg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.exe
    "C:\Users\Admin\AppData\Local\Temp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Users\Admin\AppData\Local\Temp\is-N3LGD.tmp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-N3LGD.tmp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.tmp" /SL5="$6012A,12378537,54272,C:\Users\Admin\AppData\Local\Temp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-N3LGD.tmp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.tmp
    Filesize

    900KB

    MD5

    f8b110dc2063d3b29502aa7042d26122

    SHA1

    1a0fd3db79eadc1ce714f6267d476ddbec0f5e79

    SHA256

    e8730b0bf8f94cbb8babbfefb32cef8e8d19ec823f28c33a7d48c78589710762

    SHA512

    f3125d3f575aff68105ebb3eadbce30547d34e12237d8ebbc555c6fe12bcc0a5ea85a38e26f2900d70af70ec07efde3b8cd65dc0fdada637496531245ea5052f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-4HORS.tmp\ISTask.dll
    Filesize

    66KB

    MD5

    86a1311d51c00b278cb7f27796ea442e

    SHA1

    ac08ac9d08f8f5380e2a9a65f4117862aa861a19

    SHA256

    e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

    SHA512

    129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-4HORS.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-4HORS.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-4HORS.tmp\botva2.dll
    Filesize

    41KB

    MD5

    aed41f94ae52180f1dfd2bdb4b0eca8b

    SHA1

    94d82dfeb59e35641cad3d0aef2bd78ee2fbde96

    SHA256

    912518485d7d9f3c0ccdd4c154a67af0fa5daf0e802fc4a7db37cce80ec35c55

    SHA512

    95c2f126ebc4b705359808dfa61bd98b60c5e8909a12f5be94f56c306620e331ecd12b4ce8074c7cd1dbdf2f5f79785a6d27274e6346120c2ac930d6748edbcd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-4HORS.tmp\innocallback.dll
    Filesize

    71KB

    MD5

    028ccae315bc9860ded6dc52406fd961

    SHA1

    5715d8a868c868d45dd931253c460596d32985ec

    SHA256

    455204bb7143ed3bc62c5d5f988fa2f6887ef0151458ceb5abd71cebb188892e

    SHA512

    0f20c5f5b07d847f988835c7c8d9ccf0edb99d80329da562295811183bf651d48783e08c42adac78b532f3f3704a0d23da0a800cca9d6121428337f599440d7c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-N3LGD.tmp\e32e4fb7efb259c917b680c803017c4fbcb7102ae24383f105d6d2cec5560dcb.tmp
    Filesize

    900KB

    MD5

    f8b110dc2063d3b29502aa7042d26122

    SHA1

    1a0fd3db79eadc1ce714f6267d476ddbec0f5e79

    SHA256

    e8730b0bf8f94cbb8babbfefb32cef8e8d19ec823f28c33a7d48c78589710762

    SHA512

    f3125d3f575aff68105ebb3eadbce30547d34e12237d8ebbc555c6fe12bcc0a5ea85a38e26f2900d70af70ec07efde3b8cd65dc0fdada637496531245ea5052f

    Download Submit

  • memory/856-60-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/856-54-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB

    Download

  • memory/856-55-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/856-79-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1348-65-0x00000000008A0000-0x00000000008B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1348-67-0x00000000008C0000-0x00000000008CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1348-69-0x0000000001E70000-0x0000000001E86000-memory.dmp

    Filesize

    88KB

    Download