Overview

overview

7

Static

static

3

211ee4f8e0...1e.exe

windows7-x64

7

211ee4f8e0...1e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    211ee4f8e0f479c079cba5ceecd08a1e.exe

  • Size

    562KB

  • MD5

    211ee4f8e0f479c079cba5ceecd08a1e

  • SHA1

    6096c1c947bdd40578547d86656ece74076ddf58

  • SHA256

    2c68cfdeebba1c13d4eaabef942949104c399cd1b70d2cef550a7b315c75525c

  • SHA512

    c66d349e0d05e4edeb2dca5bcbda7237e08d2b38f523629316d39c37d5d7557291bd84fc394dada36c6a9afaa560020c90d02dad1b022fb60f5ca01db25f5961

  • SSDEEP

    12288:oPwMDD1dxDx5SCbpK2h6Ieu96aUT7dxIfLbdi8R+3z2f:kt9jF5JU2h6IlLUTUvdRRaz2f

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\211ee4f8e0f479c079cba5ceecd08a1e.exe
    "C:\Users\Admin\AppData\Local\Temp\211ee4f8e0f479c079cba5ceecd08a1e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\DM_A6RW235Niw\DownloadManager.exe
      DownloadManager.exe "C:\Users\Admin\AppData\Local\Temp\211ee4f8e0f479c079cba5ceecd08a1e.exe"
      2⤵
      • Executes dropped EXE
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsi1739.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    031ec9b12afb1fafc9fc397f3b90f29c

    SHA1

    de26ddfe3ef452f8205bfbd5520a8eff6328619f

    SHA256

    2dc320488b636b9dce9581a95e5a833a07500622c1a64fc05023ba6482d2a6e1

    SHA512

    cbebded4e3a87234899e2b67121f898c9060671d25088b7de29bbcbda90a5410dd3afd110417caa6c46ba656e1a863da39127e15c2122fedaa5054f4d43b90a6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi1739.tmp\pwgen.dll
    Filesize

    16KB

    MD5

    a555472395178ac8c733d90928e05017

    SHA1

    f44b192d66473f01a6540aaec4b6c9ac4c611d35

    SHA256

    82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

    SHA512

    e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

    Download Submit

  • memory/2452-45-0x0000000002030000-0x00000000020B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2452-41-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2452-39-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2452-40-0x0000000002030000-0x00000000020B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2452-44-0x0000000002030000-0x00000000020B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2452-43-0x0000000002030000-0x00000000020B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2452-42-0x0000000002030000-0x00000000020B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2452-46-0x0000000002030000-0x00000000020B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2452-47-0x00000000213E0000-0x0000000021B86000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2452-53-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

    Filesize

    9.6MB

    Download