40c1987c83c2dcadecdf70f8bd0330f0d8ccdb26b6dc81de8b041e5096ee277f

Resubmissions

18/11/2023, 13:02

231118-p99xhseb96 7

18/11/2023, 13:00

231118-p8q31sfa9y 7

Analysis

max time kernel
31s
max time network
16s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
18/11/2023, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mesagerie.exe
Size

51.4MB
MD5

689e611e1aa281deedfab900e57ae303
SHA1

766e01216ea98d125d3e79b70c3a0b33588021da
SHA256

40c1987c83c2dcadecdf70f8bd0330f0d8ccdb26b6dc81de8b041e5096ee277f
SHA512

af1a98e5d87fc060f8c1eceecf953b7dc76c26f1198500c574496bae26dce7f937fa35ef55021ca9fc4704154b34972f8b1fa2f8f72b193a72ecc069ed68649b
SSDEEP

196608:5QPz129Mvru1+hux/uPTcQK/ZjWwQmSCB3Kmlsqyf4eRhtJ5B46MDoU4mAWZRQ3q:FSa1+hW/X/lWSB7lsjweSZ547WZ/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2468	NewAppToRevEngineer.exe

Loads dropped DLL 1 IoCs

pid	Process
2732	mesagerie.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2468	2732	mesagerie.exe	28
PID 2732 wrote to memory of 2468	2732	mesagerie.exe	28
PID 2732 wrote to memory of 2468	2732	mesagerie.exe	28
PID 2732 wrote to memory of 2468	2732	mesagerie.exe	28
PID 2732 wrote to memory of 2468	2732	mesagerie.exe	28
PID 2732 wrote to memory of 2468	2732	mesagerie.exe	28

C:\Users\Admin\AppData\Local\Temp\mesagerie.exe
"C:\Users\Admin\AppData\Local\Temp\mesagerie.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\mesagerie_4aa2761b-b434-4d54-820a-f32a1ac50b58\NewAppToRevEngineer.exe
  "C:\Users\Admin\AppData\Local\Temp\mesagerie_4aa2761b-b434-4d54-820a-f32a1ac50b58\NewAppToRevEngineer.exe"
  2⤵
  - Executes dropped EXE
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mesagerie_4aa2761b-b434-4d54-820a-f32a1ac50b58\NewAppToRevEngineer.exe

Filesize
13KB

MD5
e92638efbd66d018f64ecfeaf17c0210

SHA1
cb6072202d2482f1b24d4ba390e0be63fe950890

SHA256
0241addef311706749fa3a67d9e69ff146bbdd590ece6f4d2644a2ec62582d1e

SHA512
ef0808a12f174f0df2d0adaf34506254aea532beefe50ae81e73e0ed1b684bdd01b9e142e01f36cf924c4bb37fe0f16faad2e73c3ccf2ae18edf890192568499

Download Submit
C:\Users\Admin\AppData\Local\Temp\mesagerie_4aa2761b-b434-4d54-820a-f32a1ac50b58\NewAppToRevEngineer.exe.config

Filesize
1KB

MD5
f474024ff9c791e416dc815401211d4d

SHA1
a77db60677a11b4903307cf0d7d40e917e73b28d

SHA256
9af499a6b5862afa746b587c76f4851dc19f5a46192296cde13bda11b5cc90ec

SHA512
6ce11a05c1bd403403252c0598a1d257c0b5c0d975aae82176d017b51d7d8d716b6bbc8162326e842a39472d24797608ab70cbefdb6998b4b6cd64f07fc13ca0

Download Submit
\Users\Admin\AppData\Local\Temp\mesagerie_4aa2761b-b434-4d54-820a-f32a1ac50b58\NewAppToRevEngineer.exe

Filesize
13KB

MD5
e92638efbd66d018f64ecfeaf17c0210

SHA1
cb6072202d2482f1b24d4ba390e0be63fe950890

SHA256
0241addef311706749fa3a67d9e69ff146bbdd590ece6f4d2644a2ec62582d1e

SHA512
ef0808a12f174f0df2d0adaf34506254aea532beefe50ae81e73e0ed1b684bdd01b9e142e01f36cf924c4bb37fe0f16faad2e73c3ccf2ae18edf890192568499

Download Submit
memory/2732-1-0x0000000074BD0000-0x00000000752BE000-memory.dmp

Filesize
6.9MB

Download
memory/2732-0-0x0000000000320000-0x000000000036A000-memory.dmp

Filesize
296KB

Download
memory/2732-2-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2732-3-0x0000000000580000-0x00000000005A4000-memory.dmp

Filesize
144KB

Download
memory/2732-99-0x0000000074BD0000-0x00000000752BE000-memory.dmp

Filesize
6.9MB

Download
memory/2732-100-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads