Overview

overview

10

Static

static

10

ShadowTag.exe

windows7-x64

7

ShadowTag.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2023 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ShadowTag.exe

  • Size

    13.2MB

  • MD5

    a64a50d764de2af1e198bfd517eec2f3

  • SHA1

    913b4cdc597642e4ac33e1a6526cd163f2bc29cb

  • SHA256

    4cbea24a8641dc763864ffe8a2d4ebfa3d7ea5eb7280a25edc0b2e3d4c6cdde3

  • SHA512

    efb92705d50713b06c208a308c0a8eee17c8b05c8622b0158c5974b89484739d2b48d96a860268d86afd5b51f715362542208a12b7e441c6d29d95d5ca3fa1a4

  • SSDEEP

    393216:BiIE7Yo9+4ucW+eGQRJ9jo7BGcGmY/dt1Wom2:u7r9+RcW+e5RJ9Mgpm2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ShadowTag.exe
    "C:\Users\Admin\AppData\Local\Temp\ShadowTag.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\ShadowTag.exe
      "C:\Users\Admin\AppData\Local\Temp\ShadowTag.exe"
      2⤵
      • Loads dropped DLL
      PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI19722\python312.dll
    Filesize

    6.6MB

    MD5

    5c5602cda7ab8418420f223366fff5db

    SHA1

    52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

    SHA256

    e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

    SHA512

    51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI19722\python312.dll
    Filesize

    6.6MB

    MD5

    5c5602cda7ab8418420f223366fff5db

    SHA1

    52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

    SHA256

    e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

    SHA512

    51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

    Download Submit