Overview

overview

10

Static

static

10

1.exe

windows7-x64

3

1221.exe

windows7-x64

10

6b282d34fv2.exe

windows7-x64

1

B000CEF.exe

windows7-x64

10

Builder.exe

windows7-x64

1

POVOFJYqCo...Iu.exe

windows7-x64

1

Terracotta.exe

windows7-x64

1

TerracottaGUI.exe

windows7-x64

1

Zver.exe

windows7-x64

3

a.exe

windows7-x64

10

amdcontroller.exe

windows7-x64

10

bg.exe

windows7-x64

1

bin.exe

windows7-x64

10

bin2.exe

windows7-x64

7

ej.exe

windows7-x64

10

fban4.exe

windows7-x64

7

glash.exe

windows7-x64

1

johngotovo (2).exe

windows7-x64

10

johngotovo...al.exe

windows7-x64

10

ktg.exe

windows7-x64

1

otIXAOPqOV...LX.exe

windows7-x64

3

scvsots.exe

windows7-x64

10

setup.exe

windows7-x64

1

shit.exe

windows7-x64

10

ss.exe

windows7-x64

10

stealedd517v2.exe

windows7-x64

1

steel.exe

windows7-x64

1

ted.exe

windows7-x64

1

update_b.exe

windows7-x64

1

update_z.exe

windows7-x64

1

uyo.exe

windows7-x64

1

v72d8z2.exe

windows7-x64

1

Analysis

  • max time kernel
    24s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2023 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    otIXAOPqOVgvIKePlwFQLX.exe

  • Size

    543KB

  • MD5

    db3c474b698889e9f1f05de6dedae185

  • SHA1

    78b7e6ca6c4e23080a4d28c287646690c24c3026

  • SHA256

    9ba71bc46a160ca3334e8866bab9fc438e671c0f18897aaa08a3dc815281aab5

  • SHA512

    c5a1c8531bbb26f0105e6b49d8b7a223783ab7d97c8f4a33989094d96753446bb7c5bc41c6048f0a74d60fde4338de68ddd3d8601cab928531f8059693df2dd1

  • SSDEEP

    12288:2Z6nZpubQrDwJ2RPl/Ctpv9QUb43a8gCtSWoCO5qqp:hZpBwJE5CtHQUs3NjoRqq

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\otIXAOPqOVgvIKePlwFQLX.exe
    "C:\Users\Admin\AppData\Local\Temp\otIXAOPqOVgvIKePlwFQLX.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 564
      2⤵
      • Program crash
      PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3008-54-0x00000000747E0000-0x0000000074ECE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/3008-53-0x00000000002A0000-0x0000000000330000-memory.dmp
    Filesize

    576KB

    Download
  • memory/3008-55-0x00000000048D0000-0x0000000004910000-memory.dmp
    Filesize

    256KB

    Download
  • memory/3008-56-0x00000000747E0000-0x0000000074ECE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/3008-57-0x00000000048D0000-0x0000000004910000-memory.dmp
    Filesize

    256KB

    Download