Overview

overview

7

Static

static

1

LivingMarine2.exe

windows7-x64

7

LivingMarine2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2023 09:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LivingMarine2.exe

  • Size

    5.9MB

  • MD5

    aa71e704edebaf55886f3fa601c3daf8

  • SHA1

    b352a3905504a4ad774e466b961b4632bb046f1d

  • SHA256

    4f2e939f28c4a2d7cda8a8c823b409d6085113c7475f4c4330828dd3be81a147

  • SHA512

    ca520e2d7f81b1704d144bf922743ad29600265e63f2bf6147b39080aca30f97afa29779f61acebd9297f1353f6f2f7ec24a1bfd59ba39765745c6f53bade61b

  • SSDEEP

    98304:8Sif3jMvKI2cdRX24tMqMKEvR1fJ6D6fRg1f8Uk9uj0BFrKN+iicycRKcQt8uyRU:S37UdxfgvRT1fRqAM07a7StcE5cM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LivingMarine2.exe
    "C:\Users\Admin\AppData\Local\Temp\LivingMarine2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Users\Admin\AppData\Local\Temp\is-AEM9V.tmp\LivingMarine2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-AEM9V.tmp\LivingMarine2.tmp" /SL5="$70124,4817524,831488,C:\Users\Admin\AppData\Local\Temp\LivingMarine2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-AEM9V.tmp\LivingMarine2.tmp
    Filesize

    3.0MB

    MD5

    b344f458c387749bcf0aff1d33c9b5b4

    SHA1

    6030cf1e4118beb3da230bf5e8d9fabb80d75f5c

    SHA256

    ee1e8da842a929e0ebeb989fc236dbfc1a019e576f79f64a4961c1bc7fd893a6

    SHA512

    e2de5841ce96f81c1808d38f56a799f57633ac5854c08a2b5bfe8aeaab5fcaf27dbb8c2f64e3ebeedbad355793c00cb98d241336e624483e2b6a254409da2904

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-AEM9V.tmp\LivingMarine2.tmp
    Filesize

    3.0MB

    MD5

    b344f458c387749bcf0aff1d33c9b5b4

    SHA1

    6030cf1e4118beb3da230bf5e8d9fabb80d75f5c

    SHA256

    ee1e8da842a929e0ebeb989fc236dbfc1a019e576f79f64a4961c1bc7fd893a6

    SHA512

    e2de5841ce96f81c1808d38f56a799f57633ac5854c08a2b5bfe8aeaab5fcaf27dbb8c2f64e3ebeedbad355793c00cb98d241336e624483e2b6a254409da2904

    Download Submit

  • memory/960-54-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/960-63-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2028-61-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-64-0x0000000000400000-0x000000000071A000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2028-65-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download