Overview

overview

7

Static

static

1

m5007761.exe

windows7-x64

7

m5007761.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2023, 08:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    m5007761.exe

  • Size

    388KB

  • MD5

    de2e46faf46685b701446d437fee9b2f

  • SHA1

    c2b07a83ba370682875a7099c6554864b19b5b2f

  • SHA256

    9d454eee6588a056d58ab1c1e47df3f0403190628d5d00fcc975e92610361d08

  • SHA512

    ca1d65599c60e49cb03483a81ca65125da02bbe2da64166d23afb9c433a7b7b95eface32f3d3850cbc34b86f1a15eb55e269bc68699c9870d8f9a6d23c692be7

  • SSDEEP

    6144:pXoAjv02WFisWzwksQ1kgTGxvGCCGh/WnRhdt+AUf:iuv0XFisWzwVgTGxvG4/mh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\m5007761.exe
    "C:\Users\Admin\AppData\Local\Temp\m5007761.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
      2⤵
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3680
      • C:\Users\Admin\AppData\Local\Temp\c3912af058\oneetx.exe
        "C:\Users\Admin\AppData\Local\Temp\c3912af058\oneetx.exe"
        3⤵
        • Executes dropped EXE
        PID:1096

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\c3912af058\oneetx.exe
          Filesize

          101KB

          MD5

          89d41e1cf478a3d3c2c701a27a5692b2

          SHA1

          691e20583ef80cb9a2fd3258560e7f02481d12fd

          SHA256

          dc5ac8d4d6d5b230ab73415c80439b4da77da1cfde18214ef601897f661abdac

          SHA512

          5c9658f6ca0d8d067bfc76072c438ac13daa12d8c1fef33369e1bc36a592d160a2bdb22b4f3eed73e8670bb65107a4134e18e6dc604897a80cc0768769f475dc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\c3912af058\oneetx.exe
          Filesize

          101KB

          MD5

          89d41e1cf478a3d3c2c701a27a5692b2

          SHA1

          691e20583ef80cb9a2fd3258560e7f02481d12fd

          SHA256

          dc5ac8d4d6d5b230ab73415c80439b4da77da1cfde18214ef601897f661abdac

          SHA512

          5c9658f6ca0d8d067bfc76072c438ac13daa12d8c1fef33369e1bc36a592d160a2bdb22b4f3eed73e8670bb65107a4134e18e6dc604897a80cc0768769f475dc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\c3912af058\oneetx.exe
          Filesize

          101KB

          MD5

          89d41e1cf478a3d3c2c701a27a5692b2

          SHA1

          691e20583ef80cb9a2fd3258560e7f02481d12fd

          SHA256

          dc5ac8d4d6d5b230ab73415c80439b4da77da1cfde18214ef601897f661abdac

          SHA512

          5c9658f6ca0d8d067bfc76072c438ac13daa12d8c1fef33369e1bc36a592d160a2bdb22b4f3eed73e8670bb65107a4134e18e6dc604897a80cc0768769f475dc

          Download Submit

        • memory/3680-134-0x00000000003B0000-0x00000000003E8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3680-141-0x00000000003B0000-0x00000000003E8000-memory.dmp

          Filesize

          224KB

          Download