Overview

overview

7

Static

static

3

OneMacro_i...er.exe

windows7-x64

7

OneMacro_i...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    183s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OneMacro_installer.exe

  • Size

    18.2MB

  • MD5

    5c692d5d3c9a2af1d6e6ad85fd6ff385

  • SHA1

    d90d9cc4dd142a9bd6bd8c5f9708d9ecc980bbdc

  • SHA256

    6927ddd99834143d544e07691061a698bc5d2c0fcfd1cf64addec06df0194a13

  • SHA512

    42338932862777e0a853c1010d4c27aa7658309b7692f6a04916ad4a2ca5bbf30417316e232ec9f0f223d88bf51b9f95eec3478e3b10efce7f41bd677591e283

  • SSDEEP

    393216:dYPiccRZ1MXJM3TmOti1WXgK+YAPzjAOvUTPeF5PJyNOzwUsm:SPaRLPmki1fK+Y+zoeFlUcMUsm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OneMacro_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\OneMacro_installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Users\Admin\AppData\Local\Temp\is-K1QLE.tmp\OneMacro_installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-K1QLE.tmp\OneMacro_installer.tmp" /SL5="$8011A,18373118,964608,C:\Users\Admin\AppData\Local\Temp\OneMacro_installer.exe"
      2⤵
      • Executes dropped EXE
      PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-K1QLE.tmp\OneMacro_installer.tmp
    Filesize

    2.6MB

    MD5

    a1e197237eaf38df5ded34228f7f7188

    SHA1

    46bcf44e7d95c27429f087be58846c7ed04ba84f

    SHA256

    82c6527aa7d706ba30443a68909317711db464ee3a44c03671cc86bd51d969ed

    SHA512

    cb17991d0918145bd124a6a5311fca102504530aaf8dcfa54a7a0987016e4c9933535458228bd44014fab9feeda1b7fc13c4c5b342d462876039d29255f67f84

    Download Submit

  • memory/904-1-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/904-7-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/904-8-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4256-6-0x0000000000B80000-0x0000000000B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4256-9-0x0000000000400000-0x00000000006AF000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4256-10-0x0000000000B80000-0x0000000000B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4256-13-0x0000000000400000-0x00000000006AF000-memory.dmp

    Filesize

    2.7MB

    Download