Analysis

max time kernel: 24s
max time network: 31s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 15-06-2023 12:47
Static task: static1

Behavioral task: behavioral1
  Sample: 07849699.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 07849699.exe
  Resource: win10v2004-20230220-en
General

Target: 07849699.exe
Size: 58.4MB
MD5: a15d6e20d0107f59af14bfe1bfee8a5a
SHA1: a16c498932a3c2851f255bf355f12076159afba7
SHA256: 301ee3fb48efa7dc3d15c8e434b93ae36bd9953d7d62efcc85e054a8720595c7
SHA512: 02ed872a21f838422881fb2e6099ee3bb3b5e6c22a9ea4439de54cac0fc1aa7cadbf4f1e601cff50bd300941c529313e844c3547f8b3a5bdd4f7b7f47bb6e21e
SSDEEP: 1572864:gDG8e0q6S1HeWXgyzRT//W87ghVzJNUXhhgTO0GsrVRUZUcf8E:KMMi++9XWDX+0rrVRTE
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  Process: 07849699.exe, PID 1528

Loads dropped DLL (1 IoC)
  Process: 07849699.exe, PID 1612

Suspicious use of WriteProcessMemory (7 IoCs)
  PID 1612 (07849699.exe) wrote to memory of PID 1528 (07849699.exe), 7 occurrences; every write is from the parent into the child it spawned
Processes

1. "C:\Users\Admin\AppData\Local\Temp\07849699.exe"
   PID: 1612
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. "C:\Windows\Temp\{694EF36E-6996-4165-A326-4994299B0150}\.cr\07849699.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\07849699.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      PID: 1528
      - Executes dropped EXE

The child's location (C:\Windows\Temp\{GUID}\.cr\) and its -burn.* switches are the WiX Burn bootstrapper's "clean room" relaunch: the bundle copies its engine into a per-run temp directory and re-executes that copy, passing the original bundle path as -burn.clean.room and handles to the original file as -burn.filehandle.attached / -burn.filehandle.self. That self-relaunch is what produces the "Executes dropped EXE" and WriteProcessMemory signatures here, and it looks the same for a legitimate Burn installer and for anything malicious packaged as one, so the verdict has to come from what the bundle installs, not from these signatures alone.
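As an added example (not part of the sandbox report or of WiX), the following Python script takes the two process records above, rebuilt as constructed input, and flags the Burn clean-room relaunch pattern: a child whose image lives under <drive>:\Windows\Temp\{GUID}\.cr\ and whose -burn.clean.room value is its parent's own image path. The record layout (pid, ppid, cmd) is an assumption about how you would export a sandbox process tree; the command lines and PIDs are the ones shown in the tree.

```python
r"""Added example, not part of the sandbox report: spot the WiX Burn
"clean room" relaunch (engine copied to <drive>:\Windows\Temp\{GUID}\.cr\
and re-executed with -burn.clean.room=<original bundle path>) in a list of
process records."""
import ntpath
import re

# Process records constructed from the two entries in the report above.
# The record layout is an assumption; the root process has ppid None.
SAMPLE_PROCESSES = [
    {"pid": 1612, "ppid": None,
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\07849699.exe"'},
    {"pid": 1528, "ppid": 1612,
     "cmd": r'"C:\Windows\Temp\{694EF36E-6996-4165-A326-4994299B0150}\.cr\07849699.exe" '
            r'-burn.clean.room="C:\Users\Admin\AppData\Local\Temp\07849699.exe" '
            r'-burn.filehandle.attached=180 -burn.filehandle.self=188'},
]

# <drive>:\Windows\Temp\{GUID}\.cr\<name>.exe is where Burn places its clean-room copy.
CLEAN_ROOM_IMAGE = re.compile(
    r'^[A-Za-z]:\\Windows\\Temp\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    r'\\\.cr\\[^\\]+\.exe$', re.IGNORECASE)
# -burn.<name>=<value>; the value may be double-quoted (paths with spaces).
BURN_ARG = re.compile(r'-burn\.([\w.]+)=(?:"([^"]*)"|(\S+))')


def split_image_and_args(cmd):
    """Return (image path, remaining argument string) for a Windows command line."""
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd) or re.match(r'^(\S+)\s*(.*)$', cmd)
    if m is None:
        return "", ""
    return m.group(1), m.group(2)


def parse_burn_args(args):
    """Map each -burn.* switch to its unquoted value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in BURN_ARG.finditer(args)}


def find_clean_room_relaunch(processes):
    """Return one hit per child that is a Burn clean-room copy of its parent."""
    by_pid = {p["pid"]: p for p in processes}
    hits = []
    for child in processes:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        image, args = split_image_and_args(child["cmd"])
        if not CLEAN_ROOM_IMAGE.match(image):
            continue
        burn = parse_burn_args(args)
        parent_image, _ = split_image_and_args(parent["cmd"])
        # Burn tells the copy where the original bundle lives; for a genuine
        # self-relaunch that is the parent's own image path.
        if burn.get("clean.room", "").lower() != parent_image.lower():
            continue
        hits.append({
            "parent_pid": parent["pid"],
            "child_pid": child["pid"],
            "bundle_path": parent_image,
            "clean_room_path": image,
            "same_basename": ntpath.basename(image).lower()
                             == ntpath.basename(parent_image).lower(),
            "burn_args": burn,
        })
    return hits


if __name__ == "__main__":
    for hit in find_clean_room_relaunch(SAMPLE_PROCESSES):
        print(f"Burn clean-room relaunch: PID {hit['parent_pid']} -> PID {hit['child_pid']}")
        print(f"  bundle:     {hit['bundle_path']}")
        print(f"  clean room: {hit['clean_room_path']}")
        for name, value in sorted(hit["burn_args"].items()):
            print(f"  -burn.{name} = {value}")
```

The match is deliberately tied to the parent: a process in a .cr\ directory whose -burn.clean.room points somewhere other than its parent's image is not reported as a relaunch, so the check does not fire on an unrelated process that merely imitates the path.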
Network
MITRE ATT&CK Matrix
Downloads
C:\Windows\Temp\{694EF36E-6996-4165-A326-4994299B0150}\.cr\07849699.exe
  (the report lists this same file three times, twice under C:\Windows\Temp\... and once under the drive-less path \Windows\Temp\...; all three entries carry identical hashes)
  Filesize: 10.3MB
  MD5: 3b2354b92f91a4383b867b594196cd1c
  SHA1: 43c830cfa6b873b66a323e3747a199365cb18b50
  SHA256: 2600f1e1b62070d15018ee507d9f91dd13ed93b775c4c62ffbfda85f601d85e7
  SHA512: 7421cc4f7254099f87c49a201f8816fa1adacd14333818bd85bed941c82932656159da3aaac1e7d2246874068020bfd5947f6d157882f8703408adce8ce288da

The dropped file is smaller than the submitted sample (10.3MB vs 58.4MB) and its hashes differ, so the clean-room copy is not a byte-identical duplicate of the bundle: the relaunched process reads the rest of the bundle through the file handles passed on its command line rather than from its own image.