Overview

overview

10

Static

static

3

Dope V2.exe

windows7-x64

10

Dope V2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2023, 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dope V2.exe

  • Size

    1.6MB

  • MD5

    17b14f686c490664e573fa23dcfbbe09

  • SHA1

    bc1254a189dcf25041770db892ed586a2d845cdd

  • SHA256

    c91a8bb6df164cc9e6d39947eceb9217a8eb928625d226f7b96b5cce99e42a4d

  • SHA512

    8c8fb386f438ab1cdf911fd4b94f573e16f79323c56fd17fbf3307be8609788ae90ac0c3b1ebb9011578d670d12d159ea808ce5daef5eb318101d0b0ee6edbe2

  • SSDEEP

    24576:s7FUDowAyrTVE3U5F/insKic6QL3E2vVsjECUAQT45deRV9RS:sBuZrEUisKIy029s4C1eH9s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Dope V2.exe
    "C:\Users\Admin\AppData\Local\Temp\Dope V2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Users\Admin\AppData\Local\Temp\is-3JMHK.tmp\Dope V2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3JMHK.tmp\Dope V2.tmp" /SL5="$70226,832512,832512,C:\Users\Admin\AppData\Local\Temp\Dope V2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      PID:3412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-3JMHK.tmp\Dope V2.tmp
    Filesize

    3.1MB

    MD5

    42d51d0b0d82229faf396d12685aafed

    SHA1

    8c4507994a59ebc1e7a24bee762962e6e42c1e71

    SHA256

    9b436518b15a7b9076def39f588f46a9004cb391b4cd871073fccee68966a94b

    SHA512

    bfc83fb5925bbe4fca35cc743a6aac305ba4b84fc3ee7ab95a0177c090030bc187e2710bdb9cee783dcd9f13d6a533188469a4921e479bcd54bb314826e01c46

    Download Submit

  • memory/436-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/436-7-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3412-5-0x0000000000D40000-0x0000000000D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3412-8-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3412-11-0x0000000000D40000-0x0000000000D41000-memory.dmp

    Filesize

    4KB

    Download