Overview

overview

7

Static

static

1

LivingMarine2.exe

windows7-x64

7

LivingMarine2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2023, 09:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    LivingMarine2.exe

  • Size

    5.9MB

  • MD5

    aa71e704edebaf55886f3fa601c3daf8

  • SHA1

    b352a3905504a4ad774e466b961b4632bb046f1d

  • SHA256

    4f2e939f28c4a2d7cda8a8c823b409d6085113c7475f4c4330828dd3be81a147

  • SHA512

    ca520e2d7f81b1704d144bf922743ad29600265e63f2bf6147b39080aca30f97afa29779f61acebd9297f1353f6f2f7ec24a1bfd59ba39765745c6f53bade61b

  • SSDEEP

    98304:8Sif3jMvKI2cdRX24tMqMKEvR1fJ6D6fRg1f8Uk9uj0BFrKN+iicycRKcQt8uyRU:S37UdxfgvRT1fRqAM07a7StcE5cM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LivingMarine2.exe
    "C:\Users\Admin\AppData\Local\Temp\LivingMarine2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3168
    • C:\Users\Admin\AppData\Local\Temp\is-EUNUB.tmp\LivingMarine2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-EUNUB.tmp\LivingMarine2.tmp" /SL5="$C006E,4817524,831488,C:\Users\Admin\AppData\Local\Temp\LivingMarine2.exe"
      2⤵
      • Executes dropped EXE
      PID:3736

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-EUNUB.tmp\LivingMarine2.tmp
          Filesize

          3.0MB

          MD5

          b344f458c387749bcf0aff1d33c9b5b4

          SHA1

          6030cf1e4118beb3da230bf5e8d9fabb80d75f5c

          SHA256

          ee1e8da842a929e0ebeb989fc236dbfc1a019e576f79f64a4961c1bc7fd893a6

          SHA512

          e2de5841ce96f81c1808d38f56a799f57633ac5854c08a2b5bfe8aeaab5fcaf27dbb8c2f64e3ebeedbad355793c00cb98d241336e624483e2b6a254409da2904

          Download Submit

        • memory/3168-133-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/3168-140-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/3736-138-0x0000000000A20000-0x0000000000A21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3736-141-0x0000000000400000-0x000000000071A000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3736-142-0x0000000000A20000-0x0000000000A21000-memory.dmp

          Filesize

          4KB

          Download