Overview

overview

7

Static

static

1

408861626b...5e.exe

windows7-x64

7

408861626b...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    114s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    408861626b80bbcafa2928327334785e.exe

  • Size

    392KB

  • MD5

    408861626b80bbcafa2928327334785e

  • SHA1

    98dad5249f31addb4c6e370c801f59623bb749ca

  • SHA256

    16cf16d7081107e4e2b55ffa4fa8d279b435466519f36aaf33fdfe203226eb6f

  • SHA512

    496d92a3ca93d60d26ed3e4d56bd89709884d6a7ef859b45c77472dad172fe92ece6894f7293cea7dcda827ca4310b283bdec748fec160799a06b326de499444

  • SSDEEP

    6144:1Rgym92YGB+40vPLGPACNQjwhAAdziJOP4XkFN+G5ply43vNRNByTb7NF31NhB:H6fu+40vPy/JzoDUpL3vNRM91X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\408861626b80bbcafa2928327334785e.exe
    "C:\Users\Admin\AppData\Local\Temp\408861626b80bbcafa2928327334785e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\winvnc.exe
      .\winvnc.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\background.bmp
    Filesize

    1KB

    MD5

    6ce6e5fcf1a56b80f4ffa6f685d4329d

    SHA1

    91780868c241e83754003855407805c0cda20254

    SHA256

    6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

    SHA512

    7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\helpdesk.txt
    Filesize

    1KB

    MD5

    68591666d18e91f46b147fbcf71408e1

    SHA1

    b4755f8c2c1c043979c953b8d1778565bfab06d2

    SHA256

    b89639dba499cc8a3e80f512a23f760f78123f1935360e9d15ea883035f5490c

    SHA512

    2a76f3de2570ff415d47bdd8ddcbdae8fdbf6607070f08b534a99b08b0a6ea2b02f819c59c270ad7bbe051163c731614f9fcc1a84195c2934defab6c3269767b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\logo.bmp
    Filesize

    103KB

    MD5

    c82f3545906027613f086183a43abeaf

    SHA1

    a666b1c5e58ab5f4daeaf379670583e1c5f73a40

    SHA256

    ef31a35552671f50f2ba4f7078a1da9f5ca871c52c1f0fd82de011946f47d208

    SHA512

    6e46663d0870a6d2d82e12b0ba4b403061f1c2d6746c9c3621c7eed86f8472358a041e86150fe3c8e44b41b5bbcaef73f2174971f9c41b615d0bf2e9d2e305de

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\winvnc.exe
    Filesize

    251KB

    MD5

    40a21759f5ad164f5c58e3c4c1a30ede

    SHA1

    287b840f6bd10a05922d9ded005eda53128efe12

    SHA256

    5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

    SHA512

    19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS5BA7.tmp\winvnc.exe
    Filesize

    230KB

    MD5

    1db6e56c589260436734a866ce7ffbfc

    SHA1

    98962946a2b4458fc5298644b7501373a86d085d

    SHA256

    a193410427b46e56e1b58085c9d24b943ac1d2e92738e159dee19a6db41a4da6

    SHA512

    1d2eb3188d9b153e0a6b79cc3e930eba3dc69b6aa983ae189c3f0a84bf03d454a7a233d28a2c74c366c41534b23e6b17d66776ffe00fc5591c66cc69a06bfb68

    Download Submit