Overview

overview

7

Static

static

1

0e6d0c2ec1...dd.exe

windows7-x64

7

0e6d0c2ec1...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    26s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e6d0c2ec1afb21714dc4f73aea67fdd.exe

  • Size

    314KB

  • MD5

    0e6d0c2ec1afb21714dc4f73aea67fdd

  • SHA1

    720477e3668c4a06b66c94f9f297e0dc76afa963

  • SHA256

    1351cbab329691404ed9b6ba7b032e8449cfc7f7d7ff4b71f6df7e5945a70952

  • SHA512

    a694c4a58012e73c71e6f9ae61bb041148987c9f4783b505934390b9df47096f837622f2ece4003f057d31f0e95c27a71cec7ea9b255a7ec9b32fac98c839e1e

  • SSDEEP

    6144:I/QiQP9mOtLIfrFGzFlXnqCgiYRSbv0jS0mm3Yrkcz5KWcInG:QQiG9mOFIf5C6CglRSbv0jSg3E5KlR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e6d0c2ec1afb21714dc4f73aea67fdd.exe
    "C:\Users\Admin\AppData\Local\Temp\0e6d0c2ec1afb21714dc4f73aea67fdd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\is-O9ULK.tmp\0e6d0c2ec1afb21714dc4f73aea67fdd.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O9ULK.tmp\0e6d0c2ec1afb21714dc4f73aea67fdd.tmp" /SL5="$80152,68730,61952,C:\Users\Admin\AppData\Local\Temp\0e6d0c2ec1afb21714dc4f73aea67fdd.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-AIHA8.tmp\CABSetup.dll
    Filesize

    13KB

    MD5

    3d91bea9d89869061efc426bef33b5f2

    SHA1

    856b1667634dca1667ebb7620453e0fb2bcfd6bd

    SHA256

    dd03d2188b904aaebe6b07d2053d83452a21310c5ed65d994f733e8100de9af0

    SHA512

    a0110f99ed4156d855d940d4fdad7394145c77185397ea7b136f41bfcb9a2c67c3048d6b7b50143e18b2c721dc019fd400e8dabec2fdb2379b7f342dc4cf363f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-AIHA8.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-O9ULK.tmp\0e6d0c2ec1afb21714dc4f73aea67fdd.tmp
    Filesize

    696KB

    MD5

    90597dd289d801c37937be1a66a8d9f5

    SHA1

    7e4dda1ea3eb253d90eed4a10a575419c11215ec

    SHA256

    3bdd80d7f44989b4ead00de7e6aa59b42aaf8a8ed9563034280cc2a94cbbd1fd

    SHA512

    6a67cb5742dde11367ea4e545e1847a691733226697c34d85c09deed334d22a3533df9c93b0ae79de7cfe224177905ef223d816b65cd7ec101791efbe09445e8

    Download Submit

  • memory/2040-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2040-2-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2040-18-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2040-26-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2648-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-23-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2648-21-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download