Overview

overview

7

Static

static

3

093482ba49...ee.exe

windows7-x64

7

093482ba49...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 17:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    093482ba49649454005a286b63314bee.exe

  • Size

    120KB

  • MD5

    093482ba49649454005a286b63314bee

  • SHA1

    4418282b6a8ff59b14f34bc7a0b0deabb61af1f0

  • SHA256

    77e515cd40dba7f6d5389f0b4547e056c3d26373ee9d7878d4d0836fb2487d73

  • SHA512

    3de62cfd5b7c0abae9d8b28d478eed18db8cbfebe0b7c6f80f1c4f6d3da7e7fcd4616f424e41f0b01ee6847f9ee276cc2d62a1fa3c63252108b89d569f6f34a2

  • SSDEEP

    1536:/SjaDCgzh/pwY5tk+Xdu1jozq3z1bBR9CgGEi1xtTucxLCdP0YuYQGu41XAtt:Djoqtk4du1vJ5l7i1zLcMYuYBCH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\093482ba49649454005a286b63314bee.exe
    "C:\Users\Admin\AppData\Local\Temp\093482ba49649454005a286b63314bee.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\2.exe
      "C:\Windows\2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2492
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 148
    1⤵
    • Program crash
    PID:2288

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\2.exe
          Filesize

          45KB

          MD5

          78fc9cccfb9b443b4ec20e0e9cceec16

          SHA1

          bd85f68629222166d3618f7abb8eaa625ad2d361

          SHA256

          18a93c6485ea3b26288a06bd71b89ec6935ed11d992becbe2ccc98b7bc98c995

          SHA512

          125793b9cb9c87329b4931707f86cc562b5b87f936d2e16a83e8b1e28d963200439f29699f6dedeb2607f6b18712f196566b594e5494b2d502f50dd9f09f1698

          Download Submit

        • C:\Windows\2.exe
          Filesize

          24KB

          MD5

          49c318a4db52730bd3454e9af606b42e

          SHA1

          b1b37158cf5f2f5cd755e7f8ac084d367519eb19

          SHA256

          35e848c4c666cc8a1abbd56bb748e19145ca298ca87e723134a41884ee75900f

          SHA512

          3e64275840f4b6345135340659bcd13dc15e479e56df65ca1c2e242e82bd21135cce06f20736cdda22a74ab491b997cef7b2acb1941395044616419d35597835

          Download Submit

        • memory/2232-5-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download