Analysis
-
max time kernel
158s -
max time network
168s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system -
submitted
15-10-2023 19:41
Static task
static1
Behavioral task
behavioral1
Sample
9826e36707bc097369977f6955194930_exe32.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
9826e36707bc097369977f6955194930_exe32.exe
Resource
win10v2004-20230915-en
General
-
Target
9826e36707bc097369977f6955194930_exe32.exe
-
Size
71KB
-
MD5
9826e36707bc097369977f6955194930
-
SHA1
a110f145f541f0740af89ab7d6e62a5060d17260
-
SHA256
dc0abba7c379cfc7aaf775875bc51893790defdbe33a6176b3419fa004d8eab3
-
SHA512
cb74d8a9817a9c205631650ffb661f025ca400e8f4f455cc8345f3af4c4057c9b35300229a4118036cba4f24b37f996a9c3a9db265d31f1642e9fe695c759dc0
-
SSDEEP
1536:0M0yNStPY+z0mHkGDcfcQfNWbh8UH9SZ47Qn/a91:tylY+zlDcfceeH9SZ4uav
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid 3752, Process olacweegim.exe -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow 33, ioc checkip.dyndns.org -
Suspicious use of WriteProcessMemory 3 IoCs
description: PID 2848 wrote to memory of 3752; pid 2848; Process 9826e36707bc097369977f6955194930_exe32.exe; procid_target 82
description: PID 2848 wrote to memory of 3752; pid 2848; Process 9826e36707bc097369977f6955194930_exe32.exe; procid_target 82
description: PID 2848 wrote to memory of 3752; pid 2848; Process 9826e36707bc097369977f6955194930_exe32.exe; procid_target 82
Processes
-
1⤵ C:\Users\Admin\AppData\Local\Temp\9826e36707bc097369977f6955194930_exe32.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\9826e36707bc097369977f6955194930_exe32.exe"
- Suspicious use of WriteProcessMemory
PID:2848 -
2⤵ C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
Command line: C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
- Executes dropped EXE
PID:3752
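The signature rows and the process tree above are the same events seen from two angles: the parent (PID 2848) writes into PID 3752, and PID 3752 is the dropped olacweegim.exe. The script below is an added example, not part of this sandbox report or its vendor's tooling; it re-types the report's rows as constructed input, parses them with the column layout the table headers give (description, pid, Process, procid_target; pid/Process; flow/ioc), rebuilds the parent-child tree, and correlates the WriteProcessMemory targets with the dropped-EXE pids. Function names and the row strings are this example's own assumptions.

```python
"""Rebuild the process tree and correlate signatures from a sandbox report.

Added example. The row strings below are re-typed from the report's own
signature tables (constructed input so the script runs offline); the field
order follows the table headers on the page.
"""
import re
from collections import defaultdict

WRITE_PROCESS_MEMORY_ROWS = [
    "PID 2848 wrote to memory of 3752 2848 9826e36707bc097369977f6955194930_exe32.exe 82",
    "PID 2848 wrote to memory of 3752 2848 9826e36707bc097369977f6955194930_exe32.exe 82",
    "PID 2848 wrote to memory of 3752 2848 9826e36707bc097369977f6955194930_exe32.exe 82",
]
EXECUTES_DROPPED_EXE_ROWS = ["3752 olacweegim.exe"]
IP_LOOKUP_ROWS = ["33 checkip.dyndns.org"]

# "PID <writer> wrote to memory of <target> <pid> <process> <procid_target>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_write_process_memory(rows):
    """Map (writer_pid, target_pid, process, procid_target) -> hit count.

    Identical rows collapse into one edge with a count, so three identical
    calls become one parent->child edge seen three times, not three edges.
    """
    records = {}
    for row in rows:
        m = WPM_RE.match(row.strip())
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        writer, target, pid, process, procid_target = m.groups()
        if writer != pid:  # the pid column must be the writing process
            raise ValueError(f"writer pid {writer} != pid column {pid}")
        key = (int(writer), int(target), process, int(procid_target))
        records[key] = records.get(key, 0) + 1
    return records


def parse_pid_process(rows):
    """Parse '<pid> <process>' rows (Executes dropped EXE) into {pid: process}."""
    out = {}
    for row in rows:
        pid, process = row.split(None, 1)
        out[int(pid)] = process.strip()
    return out


def parse_flow_ioc(rows):
    """Parse '<flow> <ioc>' rows (external IP lookup) into {flow_id: host}."""
    out = {}
    for row in rows:
        flow, ioc = row.split(None, 1)
        out[int(flow)] = ioc.strip()
    return out


def build_process_tree(wpm_records, dropped):
    """Return (children, names): writer->targets edges plus pid->name labels."""
    children = defaultdict(list)
    names = {}
    for (writer, target, process, _), _count in wpm_records.items():
        names.setdefault(writer, process)
        if target not in children[writer]:
            children[writer].append(target)
    names.update(dropped)  # dropped-EXE rows name the child pids
    return dict(children), names


def roots(children):
    """Pids that write into others but are never written into themselves."""
    targets = {t for ts in children.values() for t in ts}
    return sorted(p for p in children if p not in targets)


def render_tree(children, names):
    """Render 'depth: PID <pid> <name>' lines, mirroring the report's 1/2 depth markers."""
    lines = []

    def walk(pid, depth):
        lines.append(f"{depth}: PID {pid} {names.get(pid, '<unknown>')}")
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for root in roots(children):
        walk(root, 1)
    return lines


def correlate_dropped_exe(wpm_records, dropped):
    """For each dropped-EXE pid, which pids wrote into it and how often.

    The report does not record what was written, so this identifies the
    parent that created the child; it is not by itself evidence of injection.
    """
    return {
        pid: {w: c for (w, t, _, _), c in wpm_records.items() if t == pid}
        for pid in dropped
    }


def summarize(wpm_rows=WRITE_PROCESS_MEMORY_ROWS,
              dropped_rows=EXECUTES_DROPPED_EXE_ROWS,
              ip_rows=IP_LOOKUP_ROWS):
    wpm = parse_write_process_memory(wpm_rows)
    dropped = parse_pid_process(dropped_rows)
    children, names = build_process_tree(wpm, dropped)
    return {
        "tree": render_tree(children, names),
        "dropped_exe_writers": correlate_dropped_exe(wpm, dropped),
        "network_iocs": parse_flow_ioc(ip_rows),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(), indent=2))
```

Run as-is it prints the two-level tree (2848 at depth 1, 3752 at depth 2), the fact that the only writer into the dropped EXE's process is its parent, three times, and the checkip.dyndns.org flow. Treat the WriteProcessMemory correlation as the parent-child link it is: a parent writing into a child it has just created looks the same under this instrumentation whether it is plain process start-up or an injection, and the report gives no dump of the written bytes to tell the two apart. The external IP lookup and the dropped-file hashes in Downloads are the pieces that hunt well on their own.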
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
72KB
MD5 46b4325e18f0a978c475f8d0dd667072
SHA1 02aeb724af069ae588c696436585f4a3142f689b
SHA256 36780ffc660c3f7516548bc28221619455192c30d7ffabd623f9c1f1651a95b5
SHA512 9443ab290c2524e8602104c2e10af4af96b6fa6b193e4b23555c132797f207715a1048eb0ad2cb0495b37fc890ae7df17fb54090b57a13b4e86e50f4419fb4c6