Overview

overview

7

Static

static

3

OneMacro_i...er.exe

windows7-x64

7

OneMacro_i...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OneMacro_installer.exe

  • Size

    18.2MB

  • MD5

    5c692d5d3c9a2af1d6e6ad85fd6ff385

  • SHA1

    d90d9cc4dd142a9bd6bd8c5f9708d9ecc980bbdc

  • SHA256

    6927ddd99834143d544e07691061a698bc5d2c0fcfd1cf64addec06df0194a13

  • SHA512

    42338932862777e0a853c1010d4c27aa7658309b7692f6a04916ad4a2ca5bbf30417316e232ec9f0f223d88bf51b9f95eec3478e3b10efce7f41bd677591e283

  • SSDEEP

    393216:dYPiccRZ1MXJM3TmOti1WXgK+YAPzjAOvUTPeF5PJyNOzwUsm:SPaRLPmki1fK+Y+zoeFlUcMUsm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OneMacro_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\OneMacro_installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\is-PMM7J.tmp\OneMacro_installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PMM7J.tmp\OneMacro_installer.tmp" /SL5="$3014E,18373118,964608,C:\Users\Admin\AppData\Local\Temp\OneMacro_installer.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-PMM7J.tmp\OneMacro_installer.tmp
    Filesize

    2.6MB

    MD5

    a1e197237eaf38df5ded34228f7f7188

    SHA1

    46bcf44e7d95c27429f087be58846c7ed04ba84f

    SHA256

    82c6527aa7d706ba30443a68909317711db464ee3a44c03671cc86bd51d969ed

    SHA512

    cb17991d0918145bd124a6a5311fca102504530aaf8dcfa54a7a0987016e4c9933535458228bd44014fab9feeda1b7fc13c4c5b342d462876039d29255f67f84

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-PMM7J.tmp\OneMacro_installer.tmp
    Filesize

    2.6MB

    MD5

    a1e197237eaf38df5ded34228f7f7188

    SHA1

    46bcf44e7d95c27429f087be58846c7ed04ba84f

    SHA256

    82c6527aa7d706ba30443a68909317711db464ee3a44c03671cc86bd51d969ed

    SHA512

    cb17991d0918145bd124a6a5311fca102504530aaf8dcfa54a7a0987016e4c9933535458228bd44014fab9feeda1b7fc13c4c5b342d462876039d29255f67f84

    Download Submit

  • memory/2456-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2456-12-0x0000000000400000-0x00000000006AF000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2456-13-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-1-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2952-10-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download