Overview

overview

7

Static

static

3

41be304984...0f.exe

windows7-x64

7

41be304984...0f.exe

windows10-2004-x64

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 14:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    41be304984117f87e0832bea0fac700f.exe

  • Size

    71KB

  • MD5

    41be304984117f87e0832bea0fac700f

  • SHA1

    bf97245437b7628322d608587016ae2ce833a665

  • SHA256

    09a80b83bc64bd40a633fc03466777d77eeafbc230ea78c39e4b5ec0f220e80a

  • SHA512

    34b5902d0239d36259ab7725aee102493993f339101dffe911bef8243c8b0d645354acf53ebb49e05c29e296c7db01cdef6302840857dd274b04dad8d60120b3

  • SSDEEP

    768:EsJhM/47dTkc8jmiG/7H1SE3KGdA6jVS2bnKHtIGA8/nVNEcoX7zPjqEiQv4wz:EAA4R43e/7VOEjs2FRP2EJv4s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wujek.exe
    "C:\Users\Admin\AppData\Local\Temp\wujek.exe"
    1⤵
    • Executes dropped EXE
    PID:2608
  • C:\Users\Admin\AppData\Local\Temp\41be304984117f87e0832bea0fac700f.exe
    "C:\Users\Admin\AppData\Local\Temp\41be304984117f87e0832bea0fac700f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2596

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\wujek.exe
          Filesize

          71KB

          MD5

          f65988bbb16e58c628a9bedb76df568c

          SHA1

          b927fa9a775fc6339d4b7f0b5a5078c50a631617

          SHA256

          06ee24bef9c7c83edff4553289bdbfdaf295c440e8170759f680bc26dbe72306

          SHA512

          0fc0bcb48605832ed6ede06f4da4cd4a68c7e2c56a37db1d04e270ec68ff94f11a400b5b26464bfa55b3402ac833f06aa356e0a2bd4d9288f44d8ec967b029c1

          Download Submit

        • memory/2596-1-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2608-11-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB

          Download