Overview

overview

7

Static

static

3

7caa9de9c0...32.exe

windows7-x64

7

7caa9de9c0...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2023, 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7caa9de9c0bff975dbdecef580da6310_exe32.exe

  • Size

    39KB

  • MD5

    7caa9de9c0bff975dbdecef580da6310

  • SHA1

    dc93e39a0a56bfaad9e71de57c004e23acc1aff1

  • SHA256

    9ab3b0f8b1c5928ed049a9b867e44ac89a532ff419267d30685b7f6ac0a7f1d9

  • SHA512

    2b61c5148110e73a97f6b9ac25ae75f3d93eecd7694e9ca395bc816ebaff07def4d080a001fcaf833f78d839a831aabba22853ec53ef4953ad0ac01d15f48f18

  • SSDEEP

    768:/zSJcDSWD6z3afvJc0cFOF+Mj0prJyokyWURPF8NQvUB8PAlN/mLc:/zLDSWmz3QJhcFOF+Mj0prJyokyWURP+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7caa9de9c0bff975dbdecef580da6310_exe32.exe
    "C:\Users\Admin\AppData\Local\Temp\7caa9de9c0bff975dbdecef580da6310_exe32.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Users\Admin\AppData\Local\Temp\rekgernel.exe
      C:\Users\Admin\AppData\Local\Temp\rekgernel.exe
      2⤵
      • Executes dropped EXE
      PID:3944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rekgernel.exe
    Filesize

    39KB

    MD5

    5f8f40e8b66f84c8a5b3e4c5ce3a024a

    SHA1

    adc322f4da716785689fe924ff0f0465f5d6665c

    SHA256

    6c56d4a32160b1b87675e701470a5312fa297f17707af55441f50f6a5056a575

    SHA512

    e1349d1d40f91bfea9fe7a23a653acba39222cfb5f09b23806e9cdc77fcd715af122d0077d4dd2e1597812b964588cc8d85238b8745912abb14fa8db7cad07a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\rekgernel.exe
    Filesize

    39KB

    MD5

    5f8f40e8b66f84c8a5b3e4c5ce3a024a

    SHA1

    adc322f4da716785689fe924ff0f0465f5d6665c

    SHA256

    6c56d4a32160b1b87675e701470a5312fa297f17707af55441f50f6a5056a575

    SHA512

    e1349d1d40f91bfea9fe7a23a653acba39222cfb5f09b23806e9cdc77fcd715af122d0077d4dd2e1597812b964588cc8d85238b8745912abb14fa8db7cad07a8

    Download Submit

  • memory/3944-5-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/5080-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download