Overview

overview

7

Static

static

3

633e78779b...ex.exe

windows7-x64

7

633e78779b...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2023, 09:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    633e78779b9ae5exeexeexeex.exe

  • Size

    29KB

  • MD5

    633e78779b9ae579dfea9f150a4d1e72

  • SHA1

    aece3d74e1909ed14d9dd581c793eb1611b9950c

  • SHA256

    a2b62682989846ce27952c5c3bfdb41ed8974e5ff6277562b618132d658c24e0

  • SHA512

    f02f070333b5e7acb8afcdc257107fd347818f5c5dacd0a26d835bd9736207d59ca89f423d0669dab64488a971308c0fb9ae68c4af1e71ece91bc91031905167

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUZ0psObBi+H:bA74zYcgT/Ekd0ryfjemD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\633e78779b9ae5exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\633e78779b9ae5exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    29KB

    MD5

    146bc75d52ab58e80656902001e55e25

    SHA1

    e42d941500c3e41689d54345e95e7cb9dc31d523

    SHA256

    dc984d8e7b54d48507fea14dbc037d944597de3bf49727d485e119fda10f4104

    SHA512

    64b19a9735f7e465d0d42df23e8ebaa343fe10b6e72ef9ff9256e7d95907cf0e87aff6b1080d89ad3c643ee0beaee3c41a5f6404aaf0fde42f1c91124909c71c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    29KB

    MD5

    146bc75d52ab58e80656902001e55e25

    SHA1

    e42d941500c3e41689d54345e95e7cb9dc31d523

    SHA256

    dc984d8e7b54d48507fea14dbc037d944597de3bf49727d485e119fda10f4104

    SHA512

    64b19a9735f7e465d0d42df23e8ebaa343fe10b6e72ef9ff9256e7d95907cf0e87aff6b1080d89ad3c643ee0beaee3c41a5f6404aaf0fde42f1c91124909c71c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    29KB

    MD5

    146bc75d52ab58e80656902001e55e25

    SHA1

    e42d941500c3e41689d54345e95e7cb9dc31d523

    SHA256

    dc984d8e7b54d48507fea14dbc037d944597de3bf49727d485e119fda10f4104

    SHA512

    64b19a9735f7e465d0d42df23e8ebaa343fe10b6e72ef9ff9256e7d95907cf0e87aff6b1080d89ad3c643ee0beaee3c41a5f6404aaf0fde42f1c91124909c71c

    Download Submit

  • memory/768-68-0x0000000001CA0000-0x0000000001CA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1112-54-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1112-55-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download