Overview

overview

6

Static

static

1

a7390e54a7...d1.exe

windows7-x64

6

a7390e54a7...d1.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2023, 02:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7390e54a787b7452bd383c4e6de62194d3d5d3b741c0aad746f234a258f63d1.exe

  • Size

    742KB

  • MD5

    508accc5dbc7f693de2b69413bda37b7

  • SHA1

    1cbebf420c41c0359b0573cfef5adf11f3042be4

  • SHA256

    a7390e54a787b7452bd383c4e6de62194d3d5d3b741c0aad746f234a258f63d1

  • SHA512

    872b434d17e1a837851747a97f5e3afe97aad2c83b47b0beaee08a12075eb126fca09219574f223990e05c4b8ff95fabf19cf525b1dae47cdadd891c669cd410

  • SSDEEP

    6144:vCDmQm7hbbXLToZZLa3F5ls+5pSJbCv4/QDODsonxmqNvIEmHXu0VBoP7sKtxR7L:CmFbXLToZZ+15lZ3Sc

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\a7390e54a787b7452bd383c4e6de62194d3d5d3b741c0aad746f234a258f63d1.exe
        "C:\Users\Admin\AppData\Local\Temp\a7390e54a787b7452bd383c4e6de62194d3d5d3b741c0aad746f234a258f63d1.exe"
        2⤵
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:2104
        • C:\Users\Admin\AppData\Local\Temp\a7390e54a787b7452bd383c4e6de62194d3d5d3b741c0aad746f234a258f63d1.exe
          "C:\Users\Admin\AppData\Local\Temp\a7390e54a787b7452bd383c4e6de62194d3d5d3b741c0aad746f234a258f63d1.exe"
          3⤵
            PID:2108

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1204-3-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1204-5-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2104-0-0x00000000011A0000-0x000000000125E0E8-memory.dmp

        Filesize

        760KB

        Download

      • memory/2104-4-0x0000000000140000-0x00000000001FF000-memory.dmp

        Filesize

        764KB

        Download

      • memory/2104-6-0x00000000011A0000-0x000000000125E0E8-memory.dmp

        Filesize

        760KB

        Download

      • memory/2108-1-0x00000000011A0000-0x000000000125E0E8-memory.dmp

        Filesize

        760KB

        Download