Overview

overview

10

Static

static

3

5371e6dbfd...94.exe

windows7-x64

7

5371e6dbfd...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 04:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5371e6dbfde78271bacebdb2ba061394.exe

  • Size

    170KB

  • MD5

    5371e6dbfde78271bacebdb2ba061394

  • SHA1

    b559283224f039ee08866104720cef002cc6d4d4

  • SHA256

    34dc5e717a19b7e7cc8c57dd94e1440bc2d22f45ff2f8c8f74dc315cbb78c380

  • SHA512

    1a6827932159cfa2d03385e9bd25c622e2a69c2f07648d257c6801dc6e8d10b8f46a9c34f81e4fad598190a71db08c3232cdbc75c5035ea176cff8252e03fc1b

  • SSDEEP

    3072:7KNsB6jNa6kfaVSR5hTE8Rwdp0NSc3NBXRLxvUJeoSeCCDRlKc9:7Yq4HkfaMT5BNXLxPJeC

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5371e6dbfde78271bacebdb2ba061394.exe
    "C:\Users\Admin\AppData\Local\Temp\5371e6dbfde78271bacebdb2ba061394.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\file.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\file.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1944
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\file.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\file.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2164
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 128
    1⤵
    • Loads dropped DLL
    • Program crash
    PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2164-25-0x0000000000220000-0x0000000000233000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2164-24-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2164-22-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2164-19-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2164-17-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2164-15-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2164-13-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2164-11-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download