Overview

overview

7

Static

static

3

6149e2f28d...2d.exe

windows7-x64

7

6149e2f28d...2d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    218s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6149e2f28d8b32568b5200e81b20902d.exe

  • Size

    166KB

  • MD5

    6149e2f28d8b32568b5200e81b20902d

  • SHA1

    1bad5e3cc2a6e8bf0c4ef9eb6fcf65643b36de40

  • SHA256

    8f715aa416dff7b9185566281ed37d86974047989ec1506ac01f0298f06b210f

  • SHA512

    fb4d3050dee076e92068da14ae14403ded27a24f93497b27324a539a4b15c931eeca33cdc297732e2385180455ef2f6325b4f5f4a77c5df978dd5877219763b0

  • SSDEEP

    3072:1QtMQLkR+Qtqstruh7lvfpGACE1kICWx5lcUgpyiVGAfzXfT//qvq:0MdPFWnGAfjeYiVZrXfr/qS

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6149e2f28d8b32568b5200e81b20902d.exe
    "C:\Users\Admin\AppData\Local\Temp\6149e2f28d8b32568b5200e81b20902d.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Windows\Ilymaa.exe
      C:\Windows\Ilymaa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Ilymaa.exe
    Filesize

    72KB

    MD5

    8f58c7ae2ba4dce2428f08ea487464dd

    SHA1

    cc2c307f792940d4473c56502f0cc6471f6d7882

    SHA256

    15cf32201c283a5ee7610aef84fe3703670223ff70897fec8863849b5262b2de

    SHA512

    70dabd69bd744cbfc7dda7ac0609b448095e634fb1e2383dd6365291cfca5affa7ff90798f86482b48fa2ab20eee976920f9a3643f2092079ce2e6c4fae3bfc7

    Download Submit

  • C:\Windows\Ilymaa.exe
    Filesize

    166KB

    MD5

    6149e2f28d8b32568b5200e81b20902d

    SHA1

    1bad5e3cc2a6e8bf0c4ef9eb6fcf65643b36de40

    SHA256

    8f715aa416dff7b9185566281ed37d86974047989ec1506ac01f0298f06b210f

    SHA512

    fb4d3050dee076e92068da14ae14403ded27a24f93497b27324a539a4b15c931eeca33cdc297732e2385180455ef2f6325b4f5f4a77c5df978dd5877219763b0

    Download Submit

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    344B

    MD5

    a1cd1f3a2afacef6d9754009b55dc6f6

    SHA1

    573f74aa485904ae92a53bc6aa3167867f268b7e

    SHA256

    1ec8f6664614a12fc31abb2c8ac301e529a360043c484922db9a65f771962f7e

    SHA512

    f31c5d9f75618a372ce5867bc74615282a505770c73da146ed5692f3788a89406422d8f226be9e5d07e734190a214e0f78b591f5c4a7e0441d79abd76655f9ab

    Download Submit

  • memory/1780-42479-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1780-20-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1780-9982-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1780-48202-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1780-48204-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1780-48205-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-11-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-3-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-2-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-1-0x0000000000220000-0x0000000000239000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2600-1639-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-32636-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-0-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download