Overview

overview

7

Static

static

3

13e80d3ee6...a8.exe

windows7-x64

7

13e80d3ee6...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 21:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    13e80d3ee65a3c5eb86db45ed2c41ba8.exe

  • Size

    298KB

  • MD5

    13e80d3ee65a3c5eb86db45ed2c41ba8

  • SHA1

    bdcbe3b7e78a8627988e6105900038925be01ccb

  • SHA256

    8f15f5210e14f3e434bc28ee453b32becab1a0fb7a26836658e4aa88e0c2c6d7

  • SHA512

    3ec8b718450c96c7402fd8bf41f243566cfc433debcccc1ce7b31d52867fe3f41a8cf909065290eea5d562b2018181eacbdf1d8c2da9bed0e4b9034e7c7c5a1e

  • SSDEEP

    6144:uRgtpldHfDWPkGkbjBFjSdeXQJMa0zkdrPW7B8DkGt9EnIcF6LI:GGfDWPkGkbjBhSdeXQJMDgDB9iIMsI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    PID:3024
  • C:\Users\Admin\AppData\Local\Temp\13e80d3ee65a3c5eb86db45ed2c41ba8.exe
    "C:\Users\Admin\AppData\Local\Temp\13e80d3ee65a3c5eb86db45ed2c41ba8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1644

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads