Overview

overview

10

Static

static

10

38d03a8b56...40.exe

windows7-x64

7

38d03a8b56...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2023 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840.exe

  • Size

    38.8MB

  • MD5

    60afb2afc7a84f42329e87fccf8e21dc

  • SHA1

    59514bcfecd53e8a9619f420b00e2d00f9552ac0

  • SHA256

    38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840

  • SHA512

    c4c8c7789037ece28f8fe799c4f512bf6c8246f5e6672f6a0567e74c7f91da84c172ebfb5ee0aa8707322fbb63563caee38b85f1696ecbb67f8c75b4ab415c94

  • SSDEEP

    393216:p+tYgsxPOzdUaOoVLB0lrwKP8OVTKLbBbD90NkVbUsTIDoL8qts5sl:UY5kOlr/9TKLbB3VaqR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840.exe
    "C:\Users\Admin\AppData\Local\Temp\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840.exe"
    1⤵
    • Loads dropped DLL
    PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\Microsoft.Win32.Primitives.dll
    Filesize

    7KB

    MD5

    8d41f9009844e3407a1e3d4a2ef0aa8c

    SHA1

    8f40d3bc455820acc205b9c15febe9b6b986a155

    SHA256

    6774e830aeb8413761b0e0d716354644c283af35430fdbc86617f1253a3ccff0

    SHA512

    90ac0505b6304360e0f455f9566b199297350d89f662fcd7d47ac8d3306e995bf1ea61ce25a5f83bd27b0534d1a5f9444d3005e6ec5959146570a312418a8546

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\RWDWrapper.dll
    Filesize

    143KB

    MD5

    82749f7dc6e64dae85614d95beecdec4

    SHA1

    c931839190343154b1dcb2f6bd0374aa4bcceec0

    SHA256

    55e21c4b97ef6ea7c4b01e38427a0a271b0ee7a91ca4aca4a4f78622d1459720

    SHA512

    fadbad9ba67a766f293b9d77d7d75cf00ab11598d0142bf0c50b67fbfbf689b26f8dff72fbcbdc3b02ff763ef36defdfa5b27294e6352cfde383714b5dde2814

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.ComponentModel.Primitives.dll
    Filesize

    20KB

    MD5

    0c9845f41513a2631dcf42450688a37e

    SHA1

    bd229b06b21d76066eb88f3228b09c8db89958c0

    SHA256

    161fababb5153bafdbf7f44e4cfc2ae871d99c4d70db19e29ffe37726c81e61f

    SHA512

    9a54cdae021d54e5585c5bd926c9ba6f9a2568480985d57f5da5bc8d13535516d81fbde563dad476203c47b3754072ded01fe61ca85624120767d291b0e98366

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Console.dll
    Filesize

    61KB

    MD5

    e58dd22613bc197df11ed11216b55bab

    SHA1

    41e1749ecf1d5ac07c9246e4a8540ed9dba35bc6

    SHA256

    3655e6959628574de2c73654e8c68fe0347851032ef3035b40e5e9e8e193b31a

    SHA512

    baf66148773310e49b12982db8215459d9f6a528b4fe0f917b5a865ce4dc45ef71f37b0d02f4c6ef2ab6e29c96e8806ef1c19e20f5f7df4a9562c63318afbbaa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Diagnostics.Process.dll
    Filesize

    102KB

    MD5

    6a98818f32f106020784cc241f7686f5

    SHA1

    1111531dd9b45766ad14c8be21c5f518ca8b2386

    SHA256

    953a575cf40f5601fcf87e56e165dfab1f4939edf7d0d8d0ed0f4c13c33a8ef9

    SHA512

    664869eedea023ba672a9b88b59fb6d0e80f60aaa2c331d6c869f30ba131025c95a737212cd55bd7e19c4129652b9f3daceb74358276b65fca9eb4432fa38974

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.IO.FileSystem.dll
    Filesize

    83KB

    MD5

    2332d90506ceccfdb300e74c9c3c2ab2

    SHA1

    05c0663eba2c20ed5f3091fad3e47c69b65fa391

    SHA256

    6d032b47e4f85aeb52ceab958bace26aa65243894ab09c1cd9fb712ca0f45f58

    SHA512

    c9548a28cae3ba6ba723e31ede90fdd9dfd9fade725aa9605de6d069420425f4848eb3a936d78c3a24e495bee66f9b0080566046a2543f2308ce1da1203b050f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Private.CoreLib.dll
    Filesize

    977KB

    MD5

    a7e7b37fbddb918aeede2ffcb63b13db

    SHA1

    c17b62b47c487ef523ff769860f30dde185e915f

    SHA256

    31eea39197ccfe0bdb28feddb6a453097ed9da038fba9d2af162e3641da9dd01

    SHA512

    927c65c4e525034e7ca702733a8e5274943d21ad10741e94747970479be4e091095ea68db6dba31a3cd90ed1f30ca5165afcb24860a591c12dfca976754d6153

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Security.Claims.dll
    Filesize

    37KB

    MD5

    66986baf160237749a1e80b1535d0f8b

    SHA1

    8896b7b59793fb06d52e0fce5d1fdf1f5aefe694

    SHA256

    cd05e15b32f9e9a45fc5730708d979a41da43893e9d3eb9509a6e88db104b9f6

    SHA512

    288af028476c46b95e5d744532e36f83ca4952656c7e9e321de5c6e1c1b956dc88f2dcd846b61a0aa3211686dccbe8fbe75032ee8d6bdab853cfe45347cfa4b6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\System.Security.Principal.dll
    Filesize

    14KB

    MD5

    38f2196ef024547c680d5e5e0673e611

    SHA1

    203c625ab917bea623a24a7f0f4a44be18af865c

    SHA256

    2c766be11c8b9ca8f1c838ea74972aca1c51c96ee14ea1911b0c13a1fd456368

    SHA512

    8e05af95ccb9b4d4cc999a9ad9d2a3d76b193e4860a4ed31f4c31577fe7aef742aa17410824c54868277d8cc0d07cd25183caf9fac45747301e7982f5d081c15

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\api-ms-win-crt-utility-l1-1-0.dll
    Filesize

    18KB

    MD5

    54f27114eb0fda1588362bb6b5567979

    SHA1

    eaa07829d012206ac55fb1af5cc6a35f341d22be

    SHA256

    984306a3547be2f48483d68d0466b21dda9db4be304bedc9ffdb953c26cac5a1

    SHA512

    18d2bdce558655f2088918241efdf9297dfe4a14a5d8d9c5be539334ae26a933b35543c9071cedada5a1bb7c2b20238e9d012e64eb5bbf24d0f6b0b726c0329d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\clrjit.dll
    Filesize

    663KB

    MD5

    e806c038660a3877707caeeb7751048b

    SHA1

    641c172f447093a8f6a566eb944fa2c5eb228775

    SHA256

    6429480a7c04b850f65fb9b1ffb54be7b5050f7c93cc324587fe954722617cb7

    SHA512

    6a14f6252e5d6091d4236179e0f441174efd404dd1e469f629247e179d732ae1e86afa24ed2b9a96a13bafd60cef39cf759b765c0147b8bd42127f04f81e2113

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\coreclr.dll
    Filesize

    2.8MB

    MD5

    62bfee801e52bcde3f8c76b171c273a7

    SHA1

    fcaccca3d95396fba25a04d94e38ccb98dd688f7

    SHA256

    f08bbac085a9140ae393a8e87234a85570d4cd36693b2877439f5d0864b31a96

    SHA512

    c48602cce7d82aa2047d5ac13752b214f64a8ee4d592d1b8b4e7936be13aa1c251b26a2323c6c443ec5d14676a4a1c3415905a107c673bd82932ec59a2a52f81

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\hostfxr.dll
    Filesize

    586KB

    MD5

    f2ba4fd414a6a1a698b20768e3dce4b6

    SHA1

    f4a4082454fdbd64043b7a9abd89def9622949ab

    SHA256

    4996064bf4462a05f66995a1cfa92856783134b520e6f3098b85dad57e0dce44

    SHA512

    a4b9fc9d30c72ace970e82988cee49c9da2ecca813c01933d25b175cc57f9d68d61466f35ecc4754ce6cb4ea5563e533e09821e2fab461341f2e909114069652

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\38d03a8b567a0b8c49007d92e880449ec695ffe96925154523ec30dddd954840\ndt0ea0c.vsi\hostpolicy.dll
    Filesize

    577KB

    MD5

    1d98c4642c5df87d02122a5d1b76aac0

    SHA1

    f8790ac5b9a97182130fb18da2fa74eef4ef1d18

    SHA256

    8fd5bc9fe7eec0a06aea516e98c239a548060ede87126f077d3bf811c412fa5c

    SHA512

    ee17d6c1bb52ac68c1deeb6ac25b2b65b3725828efc184809f80ab20a26bcbb001677ed3ab45bcfa3a372cd4e65bebe8c9c901d96da277fc727c2f0d6df89b0b

    Download Submit

  • memory/2028-158-0x000007FEF5FA0000-0x000007FEF650F000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2028-171-0x000007FEF5FA0000-0x000007FEF650F000-memory.dmp

    Filesize

    5.4MB

    Download