Overview

overview

10

Static

static

3

1.exe

windows7-x64

10

1.exe

windows10-1703-x64

10

1.exe

windows10-2004-x64

10

10.exe

windows7-x64

10

10.exe

windows10-1703-x64

10

10.exe

windows10-2004-x64

10

2.exe

windows7-x64

10

2.exe

windows10-1703-x64

10

2.exe

windows10-2004-x64

10

3.exe

windows7-x64

10

3.exe

windows10-1703-x64

10

3.exe

windows10-2004-x64

10

4.exe

windows7-x64

10

4.exe

windows10-1703-x64

10

4.exe

windows10-2004-x64

10

5.exe

windows7-x64

10

5.exe

windows10-1703-x64

10

5.exe

windows10-2004-x64

10

6.exe

windows7-x64

10

6.exe

windows10-1703-x64

10

6.exe

windows10-2004-x64

10

7.exe

windows7-x64

7

7.exe

windows10-1703-x64

10

7.exe

windows10-2004-x64

10

8.exe

windows7-x64

7

8.exe

windows10-1703-x64

10

8.exe

windows10-2004-x64

10

9.exe

windows7-x64

10

9.exe

windows10-1703-x64

10

9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2023 06:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8.exe

  • Size

    8.6MB

  • MD5

    5e639f8c34e0b9942a9fb179112e6655

  • SHA1

    04db25f7d87e3931607df2fa5b2494accedb479c

  • SHA256

    b0111a5e13a87cf356995a136eedbd783377f8947c774a8a950cba8fb0e9b43f

  • SHA512

    8b37ca71de6d2458ccdde6ecbaa9f0977fbd8d7707d520cedc1c0ac74d01053cc2ee43372fd04710cc98545c85a3ad3bc7b40651323e30fd57cfa20f1c2b4a59

  • SSDEEP

    196608:epd5a4FMIZETSwjPePdrQJTEOXBNOquwg:fQETSwvJIkOqu

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8.exe
    "C:\Users\Admin\AppData\Local\Temp\8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Admin\AppData\Local\Temp\8.exe
      "C:\Users\Admin\AppData\Local\Temp\8.exe"
      2⤵
      • Loads dropped DLL
      PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    35bc1f1c6fbccec7eb8819178ef67664

    SHA1

    bbcad0148ff008e984a75937aaddf1ef6fda5e0c

    SHA256

    7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7

    SHA512

    9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    3bf4406de02aa148f460e5d709f4f67d

    SHA1

    89b28107c39bb216da00507ffd8adb7838d883f6

    SHA256

    349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e

    SHA512

    5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    13KB

    MD5

    8acb83d102dabd9a5017a94239a2b0c6

    SHA1

    9b43a40a7b498e02f96107e1524fe2f4112d36ae

    SHA256

    059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413

    SHA512

    b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    11KB

    MD5

    9c9b50b204fcb84265810ef1f3c5d70a

    SHA1

    0913ab720bd692abcdb18a2609df6a7f85d96db3

    SHA256

    25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40

    SHA512

    ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    11KB

    MD5

    43e1ae2e432eb99aa4427bb68f8826bb

    SHA1

    eee1747b3ade5a9b985467512215caf7e0d4cb9b

    SHA256

    3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c

    SHA512

    40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\python311.dll
    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI24402\ucrtbase.dll
    Filesize

    987KB

    MD5

    61eb0ad4c285b60732353a0cb5c9b2ab

    SHA1

    21a1bea01f6ca7e9828a522c696853706d0a457b

    SHA256

    10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd

    SHA512

    44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    35bc1f1c6fbccec7eb8819178ef67664

    SHA1

    bbcad0148ff008e984a75937aaddf1ef6fda5e0c

    SHA256

    7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7

    SHA512

    9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    3bf4406de02aa148f460e5d709f4f67d

    SHA1

    89b28107c39bb216da00507ffd8adb7838d883f6

    SHA256

    349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e

    SHA512

    5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    13KB

    MD5

    8acb83d102dabd9a5017a94239a2b0c6

    SHA1

    9b43a40a7b498e02f96107e1524fe2f4112d36ae

    SHA256

    059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413

    SHA512

    b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    11KB

    MD5

    9c9b50b204fcb84265810ef1f3c5d70a

    SHA1

    0913ab720bd692abcdb18a2609df6a7f85d96db3

    SHA256

    25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40

    SHA512

    ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    11KB

    MD5

    43e1ae2e432eb99aa4427bb68f8826bb

    SHA1

    eee1747b3ade5a9b985467512215caf7e0d4cb9b

    SHA256

    3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c

    SHA512

    40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\python311.dll
    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI24402\ucrtbase.dll
    Filesize

    987KB

    MD5

    61eb0ad4c285b60732353a0cb5c9b2ab

    SHA1

    21a1bea01f6ca7e9828a522c696853706d0a457b

    SHA256

    10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd

    SHA512

    44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

    Download Submit