Overview

overview

7

Static

static

3

518f35c382...6d.exe

windows7-x64

7

518f35c382...6d.exe

windows10-2004-x64

Analysis

  • max time kernel
    148s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 15:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    518f35c3820d178597036943e281bf6d.exe

  • Size

    404KB

  • MD5

    518f35c3820d178597036943e281bf6d

  • SHA1

    5b3ccb6c1822ecd65029cfe5540d8ad42c36d961

  • SHA256

    cebaa3f3a653be3dd1698cee441de05354679b0288191f46ceee8b268303b18a

  • SHA512

    c979f6d77046278e3a64e9273a0e6f3939418cf15af0b7911cad41ccaf7d2ec9153e22c59d105c7c59c17f5876a2618c9815b4b05d1be3e42cb016959e1fee17

  • SSDEEP

    6144:4jlYKRF/LReWAsUyfynU2AaXwjRrjORjeegUVH2zfKEQGgiOtvpS6BtRI8FXeIoj:4jauDReWFzlUVwUpxI8UIzC

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\518f35c3820d178597036943e281bf6d.exe
    "C:\Users\Admin\AppData\Local\Temp\518f35c3820d178597036943e281bf6d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\ProgramData\nqqiw.exe
      "C:\ProgramData\nqqiw.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2308

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          404KB

          MD5

          a486a8bd429d7e3e83299dbf0e6e2df1

          SHA1

          0031991d40c252ee8bee309160b92a4d64220108

          SHA256

          c3b9fc88b3370d87305eef003832c0db0e2082b82748c5cb30b4b3a134eb2315

          SHA512

          8bb203ef933036bf90ea3eb721ab79e9f5fff9fbeb66169e345035b346f06badf4e2c6b2093de3ab28d52b057ef4dea5d92d0a802b8a37f538da761831390e77

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          136KB

          MD5

          cb4c442a26bb46671c638c794bf535af

          SHA1

          8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

          SHA256

          f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

          SHA512

          074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

          Download Submit

        • \ProgramData\nqqiw.exe
          Filesize

          267KB

          MD5

          252ced8d1aae607b15b2aaf419993f73

          SHA1

          e961134e8b14a92558ef2b30a85dce0892149f53

          SHA256

          02b6ab586930c4087b6c024e5e005d505b01a6e4f65f8e28b66656d2bb7f9897

          SHA512

          6252a2861fa04151318e07ede4002f4190758fa5b600212a4861e4682c17691cb813c956596a13bcbf95bba946d257860378de2f1c887c9550d24f68aafe0620

          Download Submit

        • memory/1748-0-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/1748-1-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/1748-14-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2308-133-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download