Overview

overview

10

Static

static

3

INVO98765678000.exe

windows7-x64

10

INVO98765678000.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 06:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    INVO98765678000.exe

  • Size

    656KB

  • MD5

    0058da743288cb67e15afbfcb0ab6e1a

  • SHA1

    99cde8486c006b735d1d5111d493303291a847fb

  • SHA256

    412c4f354965eb514a79001b512c70e8d36e1d443fe599aca0916893eab369ef

  • SHA512

    b0cb8a7279ad0e8e49b8b84738e009e93cc2e1e02a909ac88d929a374ff1e6aaa470c5226fcfe24969b4993a7d989a36432d948e1516635e32a1a79d1c06a966

  • SSDEEP

    12288:RaoPTJIU4nr5Kfe8tNCqrKgj65I9ra/Q/fGHAW3A79hRff/aY:RDPFv4nVB8tNCqmgj6Ua/Q/fL97f6Y

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\INVO98765678000.exe
    "C:\Users\Admin\AppData\Local\Temp\INVO98765678000.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Users\Admin\AppData\Local\Temp\deaegyz.exe
      "C:\Users\Admin\AppData\Local\Temp\deaegyz.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4500
      • C:\Users\Admin\AppData\Local\Temp\deaegyz.exe
        "C:\Users\Admin\AppData\Local\Temp\deaegyz.exe"
        3⤵
          PID:1028
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 676
          3⤵
          • Program crash
          PID:2612
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4500 -ip 4500
      1⤵
        PID:2584

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\deaegyz.exe
        Filesize

        478KB

        MD5

        49900e1a853294ac5e03deb77c041e08

        SHA1

        0c5b28c9caa6597dd4112772e973faad121aff55

        SHA256

        148662d819b02305d0eb2c78630e218985ce18529a3729ca1aa4d8926b75e5af

        SHA512

        34cb6dce4838bf1b6524e24082f133ceab731198f20af3296ae2103fbaf56e0940164208f17d7bf2593181ade88dd042e29e2fd44d5f4b929606013543b5daf8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\midxwnqijin.ekx
        Filesize

        502KB

        MD5

        7d70dc74b5036e3ff3def409ea47f343

        SHA1

        28bbf40d20d3584e242f457656e21366fc224566

        SHA256

        320e5916c90f41b7405e1be314e9abbbe9fd3177874bbaf9748cc7261e794427

        SHA512

        9556bee30d7f45c94bb25443e4bf0ddfeda9e245fc6b95de6a03e17d11061956e132cbc8774c825b0197f9df4e12f300d406fb3007ce5f1374099b6036205160

        Download Submit

      • memory/4500-5-0x0000000000A50000-0x0000000000A52000-memory.dmp

        Filesize

        8KB

        Download