Overview

overview

7

Static

static

3

210ab91714...61.exe

windows7-x64

7

210ab91714...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 13:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    210ab91714ddfa489740bb39f6b8f461.exe

  • Size

    225KB

  • MD5

    210ab91714ddfa489740bb39f6b8f461

  • SHA1

    1ef2c1ebb7fd1460a0e45fc9d5f69426f1f51ff1

  • SHA256

    22f17c29dcf988015e5d906bfefd57416ee4d94f6b08855c9f8885d29d7e22a7

  • SHA512

    7884ceb86eaded962b892469a7cdfdc2c8000974a481b46f7107c772a7db2733c67d45137e822e8829211700af031b99d0054576b27746ab6a35586aa6f0bc5f

  • SSDEEP

    6144:cRgym92YGB+40vPLGPANfk/b8tv60seaqBRqNGsJEZ:06fu+40vPBfk/4vnBamqQ4y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\210ab91714ddfa489740bb39f6b8f461.exe
    "C:\Users\Admin\AppData\Local\Temp\210ab91714ddfa489740bb39f6b8f461.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Users\Admin\AppData\Local\Temp\7zS195A.tmp\winvnc.exe
      .\winvnc.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS195A.tmp\background.bmp
    Filesize

    1KB

    MD5

    286437bb3e955acc3b4c5f543af5b7a8

    SHA1

    b21b1f63ae89bd032cf773fc61aa78325d338098

    SHA256

    35266ddc4e244bd754007d155d90301bf2ebc910216cb46bcfe77cb778e003f1

    SHA512

    3ad62d8140f896c8cf0007ddca3266c6fc179b252dc0e352ed514ad9ca7b0c93ba7ba0018951019674ec5d53401d3476bcab677c0391f01f3f3ca9d2658c4fec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS195A.tmp\helpdesk.txt
    Filesize

    993B

    MD5

    795a150f6d9aaf0df33e98694b426dd2

    SHA1

    d269aae0997c0b3fc9e6bb3c88c21e0488933483

    SHA256

    de143885efb907114eb67c958431d5f453eb0891c4a35e5f022aab58b4e49ec5

    SHA512

    4c7658be78be7b80130bb2d176fe57887de63a107f2e84140140df5642e112f1758d625bbbb01607ab5b244b64a55b6b26431e0a2ad8bf0a8459b9127d145bde

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS195A.tmp\logo.bmp
    Filesize

    45KB

    MD5

    bd90d5ad6a3873e0eec22408ee92019d

    SHA1

    9899e5360b2fb61ae297d15471412054671b9752

    SHA256

    7f4d6d7ee69d332bb31576e998ad5c55924d96451e925cd01dff6ac932b30149

    SHA512

    628de103658a7479cb0f37b9a5f5155cf3c7638c54ccf172f3e771a2fb60c24b37af1a49a7a2542dc00fbfb3e7c351cc68e2fbe6143fe929dc4af2ce0f2adbf4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS195A.tmp\winvnc.exe
    Filesize

    12KB

    MD5

    6fb97993e5538e3fc4bb59c0dae7b449

    SHA1

    c8ecc11ea41015a678818c941f3c436fee736199

    SHA256

    ffa2223f3eddf4ef927dbea4a72c94937df96640ef33748ca999ac43ffb741a2

    SHA512

    d512c9870bdcdc8a263b266ffe11fd089f0b453fcd4f6dc4c53a40ebc5a56df99559859ade67ba802430a7eab35e80704aef0c37bd13b781cac5ce460c4930ca

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS195A.tmp\winvnc.exe
    Filesize

    236KB

    MD5

    77de6bb7c680776fa67a5646072b7fed

    SHA1

    7f3c35d85c96ff903844feaf1aed010a34119c40

    SHA256

    50831333c6ba49fc871ca20f4a4778119e24fb975912023fd4c8bfd72b45c191

    SHA512

    c7e84578ac2ad87c4595496e695f66245910a446aaa54cc2540feed18a0cc6933d88570aa0280749e5ae8374f6643d20e98ca57f6ad437cc3dc6acf916a4bd5a

    Download Submit