Overview

overview

7

Static

static

3

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2023, 04:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774.exe

  • Size

    12.7MB

  • MD5

    60255ef7d90a35361e5fe2f5d5514734

  • SHA1

    bef1b9033a5e8665da849fb64285601e9da82966

  • SHA256

    611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774

  • SHA512

    9fc5b5f22d1ace55d8eaf5a3a2b71c771b56d99f057aea5557f648b4063772b999187819ab58883e86933e5cf9d44aa6b59ffddc312686b15a6b477edfe029d5

  • SSDEEP

    49152:rlCm9habSnsmzuiuJtiks5bTJguq+Z0A19OO31Fb/n0EZOL/JGm/8sID0n1EY1eT:RrCliIid5nb/n5AM4mD01huEDmlvRrd

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774.exe
    "C:\Users\Admin\AppData\Local\Temp\611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Program Files\7-Zip\7z.exe
      "C:\Program Files\7-Zip\7z.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
        C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
        3⤵
        • Executes dropped EXE
        PID:2608

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
          Filesize

          842.4MB

          MD5

          c7bda935d6565b5a5516cc17ef3f30f0

          SHA1

          d5504b7a3125bb2d95c4cc1b78c5aed67445877a

          SHA256

          79f682da0c09e7ea593bcb899d6b4ffc0ef3a2740b611b2f2a351334e5480508

          SHA512

          60567d4a589401eca173fbe7522e1fbdb80a2ecd54934bb167bcf729d4e0c15e2e9f4f677c758bf7cb05a7bb1cbab8687d390a54e38b1b5585e888a8c40e5664

          Download Submit

        • \Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
          Filesize

          842.4MB

          MD5

          c7bda935d6565b5a5516cc17ef3f30f0

          SHA1

          d5504b7a3125bb2d95c4cc1b78c5aed67445877a

          SHA256

          79f682da0c09e7ea593bcb899d6b4ffc0ef3a2740b611b2f2a351334e5480508

          SHA512

          60567d4a589401eca173fbe7522e1fbdb80a2ecd54934bb167bcf729d4e0c15e2e9f4f677c758bf7cb05a7bb1cbab8687d390a54e38b1b5585e888a8c40e5664

          Download Submit

        • memory/2152-13-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-8-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-12-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-2-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-11-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-14-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-16-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-3-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2152-4-0x000007FFFFFD8000-0x000007FFFFFD9000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2152-21-0x0000000000440000-0x00000000008A9000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/2996-9-0x000000013FE90000-0x0000000140BB7000-memory.dmp

          Filesize

          13.2MB

          Download