Overview

overview

7

Static

static

3

SpecialDov...fx.exe

windows7-x64

7

SpecialDov...fx.exe

windows10-1703-x64

7

SpecialDov...fx.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-09-2023 18:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpecialDoveJZM.sfx.exe

  • Size

    2.0MB

  • MD5

    94ddedee3a3d2cc5d593d05209efc42d

  • SHA1

    207e25b78ea3b78439ea68c3a108f73ca87ac1e8

  • SHA256

    550ce115cebc5a59fa8ef847b035fcaa7b46de30d46d5a8f63f07fe00d96115e

  • SHA512

    831aaba2941cc3de4762963c4dbdf5e63b2cff337dc973716343819c336908e030400b76d94383f3f7e9131b574db3a3c43115576162165af894127c31dc0e17

  • SSDEEP

    49152:acbz6GNnmjE52Z+bcJ65HZevkAfP4fEW3V4dGk+bAwxBiA1GYLUO:acbFtxbcwbevkA4vSYk2AwxzRgO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpecialDoveJZM.sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\SpecialDoveJZM.sfx.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\SpecialDoveJZM.EXE
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\SpecialDoveJZM.EXE"
      2⤵
      • Executes dropped EXE
      PID:3720

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\SpecialDoveJZM.EXE
    Filesize

    3.2MB

    MD5

    11737d6c720c0e2746e6f3f919b6115e

    SHA1

    00d230c5a300ba1ba2561ad9903f44132f807f53

    SHA256

    9f999c9a2e16aa4482d655ffa54a0fdccbe62fac11c27200b821692ef26a9a8c

    SHA512

    8a1e4b4059c630daad4d28b362909c8fb57604397aa45462e9f19047926c3067d6d831a63446c4447562acca0d2db9b59ffe01bab29e682464a57d450bf2d82e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\SpecialDoveJZM.EXE
    Filesize

    3.2MB

    MD5

    11737d6c720c0e2746e6f3f919b6115e

    SHA1

    00d230c5a300ba1ba2561ad9903f44132f807f53

    SHA256

    9f999c9a2e16aa4482d655ffa54a0fdccbe62fac11c27200b821692ef26a9a8c

    SHA512

    8a1e4b4059c630daad4d28b362909c8fb57604397aa45462e9f19047926c3067d6d831a63446c4447562acca0d2db9b59ffe01bab29e682464a57d450bf2d82e

    Download Submit