Overview

overview

7

Static

static

1

tvalue5-32-s-web.exe

windows7-x64

7

tvalue5-32-s-web.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    362s
  • max time network
    367s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2023, 03:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tvalue5-32-s-web.exe

  • Size

    9.4MB

  • MD5

    f71ca9cb7ed32c860511372ad91ade5a

  • SHA1

    67c69a668d6b5e2c2807a49a6eedfacbe9f60226

  • SHA256

    eca828455222d63896c5462e5afb79cf36f616a58f4a1872b9cf4d0884b0999e

  • SHA512

    c9cb59854484b92e2895ef11936d64443d2687e320db1e3998c51129418777b4a7045bdcb15a3453bad0a8f08fff827b02daf3cc9b83c08c753ad473a74e1ac3

  • SSDEEP

    196608:LhT/ujMe6ds8fy1SCadAy/pFPuunO5IKD6CVLowsvyy:LAuv2JA9Duq+Ryyy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tvalue5-32-s-web.exe
    "C:\Users\Admin\AppData\Local\Temp\tvalue5-32-s-web.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\GLBEC14.tmp
      C:\Users\Admin\AppData\Local\Temp\GLBEC14.tmp 6144 C:\Users\Admin\AppData\Local\Temp\TVALUE~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:1756

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\GLBEC14.tmp
          Filesize

          70KB

          MD5

          c2ec390898bf33c5c21183cafb5f2cfb

          SHA1

          0acffb90fc0fd0db14953fd4646804c93bb84821

          SHA256

          e5736220fdb92b596f8dc75affb23e593f8e1934f54705459f63ad05290ed80e

          SHA512

          7f707edd7ebec2030c68499a6715ba46a82d00314f84428d249305e5e35729f0ad2f18c706a12f54965d418d2ba00249072c3a4e313eee206b0cc681a963e907

          Download Submit

        • \Users\Admin\AppData\Local\Temp\GLBEC14.tmp
          Filesize

          70KB

          MD5

          c2ec390898bf33c5c21183cafb5f2cfb

          SHA1

          0acffb90fc0fd0db14953fd4646804c93bb84821

          SHA256

          e5736220fdb92b596f8dc75affb23e593f8e1934f54705459f63ad05290ed80e

          SHA512

          7f707edd7ebec2030c68499a6715ba46a82d00314f84428d249305e5e35729f0ad2f18c706a12f54965d418d2ba00249072c3a4e313eee206b0cc681a963e907

          Download Submit

        • \Users\Admin\AppData\Local\Temp\GLCEC62.tmp
          Filesize

          188KB

          MD5

          b285c45a315f4e85a94962151c5f2b09

          SHA1

          c0daee3a412678988fa1a9325c52cdca102e1711

          SHA256

          739105d5981cdb3040a184c28f7d7bfaf0eabf2529fa81f5697cb7c42ba0e784

          SHA512

          ed3ea4018fb1bd2859e8ebb74f0ab71f45096b687218ff748f6d581737385cc79b35940a2f6bbc2913d9ddec0902d168b5fd903729fce20ea83922bc4756d7b6

          Download Submit

        • \Users\Admin\AppData\Local\Temp\GLKEEE3.tmp
          Filesize

          33KB

          MD5

          a1c931d551c1b8028c1843c03c370a7b

          SHA1

          72d6a8572a2e567b67a29ab7e04504517c15f583

          SHA256

          494a7156cad54326177dc262a74c508da70982d9a0941932b105b4f25f7debff

          SHA512

          d8837992ad0734aa7f18db58ba63f25b03369fe6e14718a476d9ea00f74de7f1c2d138dcce37b99c4ec2d6b9863bf3ec6125b3fd1e91a3b417a1e3176f33370d

          Download Submit