Overview

overview

7

Static

static

3

H90490861252¬F.exe

windows7-x64

7

H90490861252¬F.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2023, 12:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    H90490861252¬F.exe

  • Size

    667KB

  • MD5

    f4ebd2a2d0ff857cca296b6d868e94b0

  • SHA1

    e284b010ec634795cfe4da2cb4ea376480fdb6d4

  • SHA256

    3994c8e0aecd846d4745bee253585ab2787b6b5fe80ccac607dada63db1b4177

  • SHA512

    11811a3f7c67c279f754f4202c4c24cad8d2953b0863bb2663019b3d5ca966e605dad567241e88cdd4905aba3e5b8243292a8e74c68d8805e6d228df17c5f828

  • SSDEEP

    12288:Rgi0cO/aRB7kBfqQqVw2yJ5rcQm6dTxqooWjrARw75WSaLpG/4YBZRyIL9oI0+Ip:6i0vTcSaLpG/4AZfBT0+Ip

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\H90490861252¬F.exe
    "C:\Users\Admin\AppData\Local\Temp\H90490861252¬F.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\oTTVRU.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1164
      • C:\Windows\system32\cscript.exe
        cscript C:\Users\Admin\AppData\Local\Temp\nJ.vbs
        3⤵
        • Drops startup file
        PID:464

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nJ.vbs
          Filesize

          251B

          MD5

          3763ca904ac935fb06ab14a2e09c3798

          SHA1

          af41904eaba3720c4195a0cc989327665a78adea

          SHA256

          1f59dfbba72204da67469785ef05e3f456efcad273719d8b768d0fac2cb17b6c

          SHA512

          b8f8fb3275fa9f45bde7945cfbc22dc0a5c817f7476b2eb311d2b84e3da5b82ce46a18c1eca5b8d8607fb6d5bc7d29608019a838bc1c5ce2d5f8d9399bb3ed35

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\oTTVRU.bat
          Filesize

          540B

          MD5

          def289256104a31e53c3b444290f10cf

          SHA1

          1bc8f1c41ba13ce8ae27e58ba421ec05bd00f909

          SHA256

          805f02adba33c29e494d61d9b811f54f9ad8ecbbf9a528499a85b16e868749c4

          SHA512

          7ff8bd1b416ff1bd40689472b5603ae7c0a6e9777d72e641ec4751eafbd9da7ffe9f2669723fe6ec1498fcf352710415c95bf508045cd75cc82b2233a930b60b

          Download Submit