Overview

overview

8

Static

static

1

pw1207-fre...1).exe

windows7-x64

4

pw1207-fre...1).exe

windows10-2004-x64

8

Resubmissions

08/06/2023, 15:48

230608-s8z8gahc7x 8

Analysis

  • max time kernel
    142s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    08/06/2023, 15:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    pw1207-free-online (1).exe

  • Size

    3.1MB

  • MD5

    26684efa2d1a2154a56fc36438b94b62

  • SHA1

    32f155c5716a2b068f6526eef6b37ec28ecce1bd

  • SHA256

    5e681eeb4e55d9b0c88e1515ed06ae368b3e0243273a94eab94f38b483485ae9

  • SHA512

    d5fc6be6b95e5cf6ca524b7c6fc6464c57b0d13b4031498b27ddde02b5258674ecc53f8df561e9a5c935debefd78e837340504b8053b09d2bac0d5092b493558

  • SSDEEP

    98304:VkL2991YnIbfnLTccGEE7kc7EFnGQYy+9E:22991OIDtQIc7EFGQYNE

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pw1207-free-online (1).exe
    "C:\Users\Admin\AppData\Local\Temp\pw1207-free-online (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:712
    • C:\Users\Admin\AppData\Local\Temp\is-DKBOD.tmp\pw1207-free-online (1).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-DKBOD.tmp\pw1207-free-online (1).tmp" /SL5="$70134,2294223,1148928,C:\Users\Admin\AppData\Local\Temp\pw1207-free-online (1).exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1348

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-DKBOD.tmp\pw1207-free-online (1).tmp
          Filesize

          3.3MB

          MD5

          52df913a5481fa811f82f154c3fed18d

          SHA1

          b62711e7b6a9861844a91b5aa76406d48fd8c951

          SHA256

          d03c52270722c51129737a747c49c4aedbaf3236cd93f4c8b8cc8cf23d26c45a

          SHA512

          951392f3b8a816a7a41216475f6814078ace647f127c46dbf090063b67689afe50e4b7794d5db89fa2a72258a63f7486bd11a17813b2c23b86907deb3d0fe37c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-DKBOD.tmp\pw1207-free-online (1).tmp
          Filesize

          3.3MB

          MD5

          52df913a5481fa811f82f154c3fed18d

          SHA1

          b62711e7b6a9861844a91b5aa76406d48fd8c951

          SHA256

          d03c52270722c51129737a747c49c4aedbaf3236cd93f4c8b8cc8cf23d26c45a

          SHA512

          951392f3b8a816a7a41216475f6814078ace647f127c46dbf090063b67689afe50e4b7794d5db89fa2a72258a63f7486bd11a17813b2c23b86907deb3d0fe37c

          Download Submit

        • memory/712-54-0x0000000000400000-0x0000000000526000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/712-62-0x0000000000400000-0x0000000000526000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1348-61-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1348-63-0x0000000000400000-0x0000000000760000-memory.dmp

          Filesize

          3.4MB

          Download