Overview

overview

10

Static

static

1

0996766724211.exe

windows7-x64

7

0996766724211.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    07-12-2023 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0996766724211.exe

  • Size

    674KB

  • MD5

    48b6438b9a73205e4355661cf7af25ef

  • SHA1

    99af68e1a2f540b66d34bffa8190eb61f04c8710

  • SHA256

    2370e801d06a0c4977bf64cdfec27714dc0bb7fe4a9e9944c9929a9807377f2c

  • SHA512

    4314d71000c478dd570fbb6e769689c4cbde097f294c27d205236263b09c4d5c30d1cc94cb0d237d5211f1ca9811d69298b0424cff6c530a2f20b7b45fd8bcd0

  • SSDEEP

    12288:Z1CSfMlEXU/uLHbXhIjThLOv8mcDrnxSfKzTcyxn:VfMlEbhIvhLOv8BDrnxSizoyxn

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0996766724211.exe
    "C:\Users\Admin\AppData\Local\Temp\0996766724211.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -windowstyle hidden $derremc = Get-Content 'C:\Users\Admin\AppData\Local\Temp\fiskeboller\tekstilfarverne\Synapsed114\Codewords.Tan' ; powershell.exe "$derremc"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi3E88.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    35200be9cf105f3defe2ae0ee44cea12

    SHA1

    3f4a09eeb477d3f048cdfb848b95aa39b20d89dc

    SHA256

    0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527

    SHA512

    f8f7d8a844d588c6e2d6dc54e0d4bcbb1c4229a6e8f4d110a5e3d47eb0b8b5e0860ff5d31762229a731e08d7b232468b2a78c29778a9f0c62a7381db89175833

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi3E88.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    35200be9cf105f3defe2ae0ee44cea12

    SHA1

    3f4a09eeb477d3f048cdfb848b95aa39b20d89dc

    SHA256

    0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527

    SHA512

    f8f7d8a844d588c6e2d6dc54e0d4bcbb1c4229a6e8f4d110a5e3d47eb0b8b5e0860ff5d31762229a731e08d7b232468b2a78c29778a9f0c62a7381db89175833

    Download Submit

  • memory/2628-25-0x00000000738E0000-0x0000000073E8B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2628-26-0x00000000738E0000-0x0000000073E8B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2628-27-0x0000000002620000-0x0000000002660000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2628-28-0x0000000002620000-0x0000000002660000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2628-29-0x00000000738E0000-0x0000000073E8B000-memory.dmp

    Filesize

    5.7MB

    Download