Overview

overview

7

Static

static

3

373c84e0ec...0a.exe

windows7-x64

7

373c84e0ec...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    373c84e0ec1b0599572063b2881e160a.exe

  • Size

    876KB

  • MD5

    373c84e0ec1b0599572063b2881e160a

  • SHA1

    67fbf275624b5f6034bdaac09579b0c6f85e0d84

  • SHA256

    2195b6cc3ae0b891a9b9cb2f69cebb158e0e7654b87030c5e541ef28ba96fd5e

  • SHA512

    0450cef30463e423d372f599aee5a939da10412e37965406cd59051f35c7028dcd50d5938d489d0d382dd1addda99bc8e08becd34aeadeb5742690b8579c4c32

  • SSDEEP

    24576:oIMLKmtvPyHu7ICxUR7y9pNg4W7HMYG3bOAHCwJZ:HiKmHyOXY/p7s3V

Score
7/10
evasiontrojan

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\373c84e0ec1b0599572063b2881e160a.exe
    "C:\Users\Admin\AppData\Local\Temp\373c84e0ec1b0599572063b2881e160a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:924
    • C:\Users\Admin\AppData\Local\Temp\373c84e0ec1b0599572063b2881e160a.exe
      "C:\Users\Admin\AppData\Local\Temp\373c84e0ec1b0599572063b2881e160a.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Users\Admin\AppData\Local\Temp\373c84e0ec1b0599572063b2881e160a.exe
        "C:\Users\Admin\AppData\Local\Temp\373c84e0ec1b0599572063b2881e160a.exe"
        3⤵
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2204

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tQmukTrh5nU4SNsLuG8\extramod.dll
    Filesize

    73KB

    MD5

    8c86e2f1bbb9548cc5b8ebb9ab755ead

    SHA1

    5a951be12e0850fd68a8b4f2c8346bf2bf9a6df6

    SHA256

    a0322fc0f3d351574d720b99abb1b40caa92df3d379fcafc335797928e8c6aa4

    SHA512

    5e852da331720fa64bbf2c8ce4e1637ab21330cdbba672ec9dfafa5aec2aab51a15d3c26449362348ac2261a916bcc11e36935be2b764553c18595169a9e73ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tQmukTrh5nU4SNsLuG8\loading_screen.dll
    Filesize

    5KB

    MD5

    44dac7f87bdf94d553f8d2cf073d605d

    SHA1

    21bf5d714b9fcab32ba40ff7d36e48c378b67a06

    SHA256

    0e7dedad1360a808e7ab1086ff1fffa7b72f09475c07a6991b74a6c6b78ccf66

    SHA512

    92c6bf81d514b3a07e7796843200a78c17969720776b03c0d347aeefedb8f1269f6aac642728a38544836c1f17c594d570718d11368dc91fe5194ee5e83e1774

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tQmukTrh5nU4SNsLuG8\shared_library.dll
    Filesize

    200KB

    MD5

    c2393a14c61d5f38a2dcddfaa0cc197c

    SHA1

    1be0a9814f40a5bee28b0384314ac794ef14c99f

    SHA256

    bb53458ecb58c5ae1e193749161aaf9d1ad437c0b659dfa78f59906f8cd6e5cd

    SHA512

    388bba377720188f8329be9f93a77047b34caceccb5fba7a46ea8495733297903f225262c369736b10a0759fff548d976b21733de9a604d6ed4defbd0aa55f1f

    Download Submit

  • memory/2204-7-0x0000000000760000-0x0000000000776000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2204-14-0x0000000002120000-0x0000000002156000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2204-17-0x000000007FE40000-0x000000007FE50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2204-18-0x000000007FE30000-0x000000007FE40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2204-24-0x000000007FE40000-0x000000007FE50000-memory.dmp

    Filesize

    64KB

    Download