Overview

overview

7

Static

static

3

Reflection..._7.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    600s
  • max time network
    388s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-07-2023 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Reflections_Installer_Windows_7.exe

  • Size

    2.7MB

  • MD5

    eb24d1496ca86c176a459b080116f08f

  • SHA1

    7a4cb09be50096c2786f76910671f284e089865a

  • SHA256

    5e99db879b10988533fdb6f200291b064a592590e455eb5f7dd0c5e4231c0b53

  • SHA512

    1c1c1daf1a9331e5fe1712cdb2b1c416b1999a805a109b2ef9876999bfafe80b14f98c1e0c8e4d785b6140049de3e91c2d99d5c4a653623357bb24e1c376b3b5

  • SSDEEP

    49152:Nqe3f6bsjbgzYlFYf+iD+rQHzNzzwrh+DidXvh6dS/04OOR5Qv79:cSibibgzYHiaak1+DidXvh6d204OOR5w

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Reflections_Installer_Windows_7.exe
    "C:\Users\Admin\AppData\Local\Temp\Reflections_Installer_Windows_7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\AppData\Local\Temp\is-MAFJH.tmp\Reflections_Installer_Windows_7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MAFJH.tmp\Reflections_Installer_Windows_7.tmp" /SL5="$80224,2065547,780800,C:\Users\Admin\AppData\Local\Temp\Reflections_Installer_Windows_7.exe"
      2⤵
      • Executes dropped EXE
      PID:4524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-MAFJH.tmp\Reflections_Installer_Windows_7.tmp
    Filesize

    2.9MB

    MD5

    969ee2d3e666e296b95e3b6910fb40f0

    SHA1

    9ea4b9dd8d59ec7f8d7889a0decc10453c72de27

    SHA256

    775e547114ab0f37d251a4b15588e87c9991e2362bfa2199366ad1c3505d2c5d

    SHA512

    e795dba6c83e424d7b4dd6d43b14649d1c5cf766a3fb5b54471c36abc274872d09f25fcd75e13caf8d68daf66de199f80b949c76286272a1919272e3b588f896

    Download Submit

  • memory/2540-118-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2540-125-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4524-123-0x0000000000B80000-0x0000000000B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4524-127-0x0000000000400000-0x00000000006EE000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/4524-128-0x0000000000B80000-0x0000000000B81000-memory.dmp

    Filesize

    4KB

    Download