Overview

overview

10

Static

static

1

breakdown ...rt.exe

windows7-x64

7

breakdown ...rt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    breakdown confirmation dk transport.exe

  • Size

    331KB

  • MD5

    ffb5942257739fbfae0945ac0abff87d

  • SHA1

    a46905e807670eac4377a7d85d6be997bb369fa2

  • SHA256

    75a14fd568ca466ad9c8ec045fa133798dc93fbc96cfc93a27bee766460ef7b6

  • SHA512

    6f9a56532af9763fc7b2da78507485c511c5495438507ab70dfb1f649e4c130d005bc22790e8fed19313206f56a034c198702f69c7f06b8b3e23a117425b17d8

  • SSDEEP

    6144:0VGdx6xAZFn+coaljg+P6WHxYLMMAlbV0ZIwOkaMPuLOfu+dENnnbIAtdx4hj+x+:IyZFn+itXHx7MArgaVLOW+d8nbIA+kE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\breakdown confirmation dk transport.exe
    "C:\Users\Admin\AppData\Local\Temp\breakdown confirmation dk transport.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 496
      2⤵
      • Program crash
      PID:2628

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsj5F60.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    3dd80dff583544514eeb3a5ed851a519

    SHA1

    56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

    SHA256

    86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

    SHA512

    955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsj5F60.tmp\System.dll
    Filesize

    11KB

    MD5

    75ed96254fbf894e42058062b4b4f0d1

    SHA1

    996503f1383b49021eb3427bc28d13b5bbd11977

    SHA256

    a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    SHA512

    58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    3dd80dff583544514eeb3a5ed851a519

    SHA1

    56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

    SHA256

    86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

    SHA512

    955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    3dd80dff583544514eeb3a5ed851a519

    SHA1

    56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

    SHA256

    86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

    SHA512

    955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    3dd80dff583544514eeb3a5ed851a519

    SHA1

    56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

    SHA256

    86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

    SHA512

    955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    3dd80dff583544514eeb3a5ed851a519

    SHA1

    56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

    SHA256

    86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

    SHA512

    955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    3dd80dff583544514eeb3a5ed851a519

    SHA1

    56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

    SHA256

    86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

    SHA512

    955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\System.dll
    Filesize

    11KB

    MD5

    75ed96254fbf894e42058062b4b4f0d1

    SHA1

    996503f1383b49021eb3427bc28d13b5bbd11977

    SHA256

    a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    SHA512

    58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsj5F60.tmp\System.dll
    Filesize

    11KB

    MD5

    75ed96254fbf894e42058062b4b4f0d1

    SHA1

    996503f1383b49021eb3427bc28d13b5bbd11977

    SHA256

    a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    SHA512

    58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    Download Submit