Overview

overview

10

Static

static

1

07670199.exe

windows7-x64

10

07670199.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2023, 13:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07670199.exe

  • Size

    4.2MB

  • MD5

    584a08454febc94566aaf7dbe4623306

  • SHA1

    6fed16840beeb70c6f7aa1a19b766277413f2de9

  • SHA256

    6b48dea06097c036cd0ad489663ebd6ef6f2780379d06af80ef553d612aaf4a5

  • SHA512

    6bf812144ffe60fd2de543f08da6aa4ccd496ac8e278a967803f959141ddfc732eeff6cda6d7b9debdbc96eb9e633f7e8a0f457df20a92acb005810f10767b64

  • SSDEEP

    98304:lazGeoP07U6s55sN0EQNLTiJSwlX8i8XkB2lD7LC7RJ:laJo0AbENLUOlMi8XkQl/L2J

Score
10/10
gluptebadropperloader

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 2 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07670199.exe
    "C:\Users\Admin\AppData\Local\Temp\07670199.exe"
    1⤵
      PID:4572
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 276
        2⤵
        • Program crash
        PID:1248
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4572 -ip 4572
      1⤵
        PID:4956

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4572-134-0x0000000002E60000-0x000000000374B000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/4572-135-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download