Overview

overview

7

Static

static

3

460f77900c...d0.exe

windows7-x64

7

460f77900c...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 00:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    460f77900c1e81b099a33dd6b10963d0.exe

  • Size

    89KB

  • MD5

    460f77900c1e81b099a33dd6b10963d0

  • SHA1

    ea149db23bf76be6731ba44a5d0cb2ac041e9e80

  • SHA256

    c64fd74215f4e22e342a462fd5624b560f02eede4cfc7c592303386ce4f96241

  • SHA512

    c930ee6685d217952997abd0371ac97f7385d635c3322ac77138a4a702418dde43b2d48b4cf1eb8bcfe66237e0bbfe5a2f904b86190aec24549c6cc2f4491954

  • SSDEEP

    1536:GxDnjuexoxQELWKHgG6Ou0J05s5g7zBrPhmMAeb+FVzVXLwRhvP:G9iUoxnqKHgG6v0Jn5izBrPQMAeaFV5q

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\460f77900c1e81b099a33dd6b10963d0.exe
    "C:\Users\Admin\AppData\Local\Temp\460f77900c1e81b099a33dd6b10963d0.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bandook.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bandook.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Windows\SysWOW64\ali.exe
        C:\Windows\system32\ali.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        PID:3068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2388-11-0x0000000074AE0000-0x0000000074CF8000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2388-23-0x0000000074AE0000-0x0000000074CF8000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2388-24-0x0000000074D80000-0x0000000074E0D000-memory.dmp

          Filesize

          564KB

          Download

        • memory/2388-15-0x0000000074D80000-0x0000000074E0D000-memory.dmp

          Filesize

          564KB

          Download

        • memory/3068-25-0x0000000075240000-0x0000000075350000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3068-26-0x0000000074AE0000-0x0000000074CF8000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3068-27-0x0000000075240000-0x0000000075350000-memory.dmp

          Filesize

          1.1MB

          Download