Overview

overview

7

Static

static

3

41797794e9...4d.exe

windows7-x64

7

41797794e9...4d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41797794e9727e3ab0b7ecdc8a8f804d.exe

  • Size

    4.8MB

  • MD5

    41797794e9727e3ab0b7ecdc8a8f804d

  • SHA1

    9a80fb84ebcc3bd1500394254cb553bd23e397d0

  • SHA256

    b98e26e7f20370266127bb174027ac529ed6029ce410a51e0f75ee4b0d3bb0f4

  • SHA512

    aa2c0d810b3977084d6833291715d28b515b4e4ebd6757721217b834a6194e1d620ae938e917e211394cb8209a7ad57dc91f68ff817312de30296cabf3de4972

  • SSDEEP

    98304:PX4ouvgkswFADRHW6RET61GjbtCnkwPh69uvGDxSmtQeyXudKr3Eyazx14:vX4zFADde+1Gvte5P09uvwkpedKIya0

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 23 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41797794e9727e3ab0b7ecdc8a8f804d.exe
    "C:\Users\Admin\AppData\Local\Temp\41797794e9727e3ab0b7ecdc8a8f804d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3768
    • C:\Users\Admin\AppData\Local\Temp\is-KLVU1.tmp\41797794e9727e3ab0b7ecdc8a8f804d.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KLVU1.tmp\41797794e9727e3ab0b7ecdc8a8f804d.tmp" /SL5="$8011E,4345138,721408,C:\Users\Admin\AppData\Local\Temp\41797794e9727e3ab0b7ecdc8a8f804d.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4948
      • C:\Program Files (x86)\Aut\iusto\Porro.exe
        "C:\Program Files (x86)\Aut/\iusto\Porro.exe" c804188eab29f5f1667ff06a13fe3780
        3⤵
        • Executes dropped EXE
        PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Aut\iusto\Porro.exe
    Filesize

    92KB

    MD5

    1cc80cf93f824b8986f7a58d5f8a3c45

    SHA1

    3184072bae7b871f872c5604807b56256e8b7764

    SHA256

    b655a69226542d661b652c01a043b996237d2da7b6746049f230b9f0175360bb

    SHA512

    e4e52d3f935bdb560989713dd94055cc9b1178f105cc01701d604c35606d7a251518d4a1df86ee11cc099235983ac68939ab0b6cd094fdb863ae78791d2468b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-6CD5G.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KLVU1.tmp\41797794e9727e3ab0b7ecdc8a8f804d.tmp
    Filesize

    92KB

    MD5

    aedd7a71ab2b168ab264cad34a4ba208

    SHA1

    f68a624702dc6f52bfa961c50a3abbce12b0accb

    SHA256

    44cb80c319bf52de7cfd0cc70ff0331398f1a921e3fbdeba0fce1cf1e4e0c539

    SHA512

    654137588e013554fba3c7b9d683fa074ac717287e88657db059cafbdbe953de8cc22c7de839825ae00cc758c59d3997764c0de234787d9dbadf5150287052db

    Download Submit

  • memory/760-53-0x0000000000400000-0x000000000170A000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/3768-2-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/3768-0-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/3768-55-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/4948-6-0x0000000002640000-0x0000000002641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-54-0x0000000000400000-0x0000000000679000-memory.dmp

    Filesize

    2.5MB

    Download