7a6e09bf9c81ae5ed26fae6888ed0d41f9dca20648e0b04f4d7c6bd99eb60506

Analysis

max time kernel
5s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-03-2023 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AMD-Ryzen-Master.exe
Size

138.1MB
MD5

a782348d378f16d8390ac517d5d7126b
SHA1

4f805e9875678ae3ee7db9dee84794be590154ab
SHA256

7a6e09bf9c81ae5ed26fae6888ed0d41f9dca20648e0b04f4d7c6bd99eb60506
SHA512

e5786d2ebcb2a6d1fd4df3000ab0c08dfe46c347a89211e249b0f5bf1a2a7ea013a301fafae2c54ced0f6e5a6d6138e2c0dd7b5cd67d64f8126adc0f10070fac
SSDEEP

3145728:4KHvs86fUdJ1IC1AYXnj75LmKE6KZJ9JVRkJkd:hvsRQ1Z3v5LXE6K/vVSJkd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1048	AMD-Ryzen-Master.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	AMD-Ryzen-Master.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28
PID 2008 wrote to memory of 1048	2008	AMD-Ryzen-Master.exe	28

C:\Users\Admin\AppData\Local\Temp\AMD-Ryzen-Master.exe
"C:\Users\Admin\AppData\Local\Temp\AMD-Ryzen-Master.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\AMD-Ryzen-Master.exe
  C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\AMD-Ryzen-Master.exe /q"C:\Users\Admin\AppData\Local\Temp\AMD-Ryzen-Master.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}" /IS_temp
  2⤵
  - Executes dropped EXE
  PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\0x0409.ini

Filesize
21KB

MD5
a108f0030a2cda00405281014f897241

SHA1
d112325fa45664272b08ef5e8ff8c85382ebb991

SHA256
8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948

SHA512
d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\AMD-Ryzen-Master.exe

Filesize
101.9MB

MD5
14bfd52dc79a5f8e72fa510fe311fb5a

SHA1
92699e10646028846686eb6314fbdefb1b7dfedc

SHA256
ede0d922ca8406612cb18044a74b08c6876ff037693d2c1d7128a1edcae54d3d

SHA512
4e0e8629cc661d5e35d5b2d8d1f1ad1299ce8bde3edfca7e7c235b8716c8392481d207a02da4bf387cad81bfa8a419e4886e83012e74d3e30b3dae936a5f5616

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\AMD-Ryzen-Master.exe

Filesize
98.4MB

MD5
96878511457e86eb529a5e28b0dcacca

SHA1
5530fc0778b3519a55122402e55ca850db4e84d3

SHA256
d4ba159c28ad51fa8b3f1c3d9f3ff599013ce0abff71838487120aefa2d2dca1

SHA512
ac71f91ae126d9ca41afc1504f23ca066e053e72bd0ef67926a35023bca14dcf2898357ed073a1641b2eb1cd8d7fbb49c386d900b69e2e1db31092c0a5d8078d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\_ISMSIDEL.INI

Filesize
636B

MD5
6b88c0d7b8edb4b0d655b7702f791e02

SHA1
8dd86b8d7b230d6769185735aef3d8afbec16df9

SHA256
30add0983869ab146b9e9c8490be9f2cb8b3ba1079ed6d59d437aa70fe2d1e89

SHA512
8f05bb4cf8c97b7c22c537c4169c6cc7742940f358c4610143d74c9ec2987dd541914ddd73ee556bfecb852190b22b0c9c362ab3d56ca97d98e29c89e900562e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~3778.tmp

Filesize
5KB

MD5
9fed816dfe4be4e1165b8b1ee7304493

SHA1
c4843ce61f750a5c2504fa98008271555fa77a50

SHA256
26d7db87158a3c03519469a8ed99b1d0ff9e640984437c6011b2b9ef6d2cbf5a

SHA512
fae51eeab70fec47e0c1cb5587f9b885897ff43aab693c93355e8738d2c337714d3dd73f6b71b488ddb0c46fdba72de9db52652c3e6eb5fb61930403fc2773e6

Download Submit
\Users\Admin\AppData\Local\Temp\{D6B9CADC-DD41-4045-A549-6A09D343F9DA}\AMD-Ryzen-Master.exe

Filesize
98.4MB

MD5
8c9c0a53c75223750d54021ea52ac15e

SHA1
42b558a4f6324fe77f8e7a3162c0bcbb4177c826

SHA256
e7dad4f175d9ab703c75b9a034d65171d21b311d81b7707478c770b1f20dce0b

SHA512
f03b5283d33137701852ce6019a6060a3c29b2a9611679517c8ca716df7b04ec7073e5b41c7a8fd89430c97db501344c219fedef6d8c74ec59d3ba774a18f81c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads