Overview

overview

7

Static

static

3

7729369121...a0.exe

windows7-x64

7

7729369121...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77293691212ca8f5d546e6eeec064ba0.exe

  • Size

    22.0MB

  • MD5

    77293691212ca8f5d546e6eeec064ba0

  • SHA1

    4dd6caeee5d58ab4a0277ed5bc8992b31dac58cb

  • SHA256

    69555e5c49102b24a3748ea1cf44ecce886c933a1ef33e96ab6d53bbedb9c0b8

  • SHA512

    36f764082cb3c8b29598afb1163df1044323bb5246bc5c0e4e1b29e33b76281c356be2d76e181963c88611f1d5c6a53acdb87cf456970d49ac59a416a07ad4b1

  • SSDEEP

    393216:N2CdOpb0tQ4RCrN1VMPA4QPL0eyBeQ6fFWct3v4MxVo1wh0hfP0zqdp9llF4+s3X:YaCrbiaMBgUct3QMnoOhU0zq/llC+EDl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77293691212ca8f5d546e6eeec064ba0.exe
    "C:\Users\Admin\AppData\Local\Temp\77293691212ca8f5d546e6eeec064ba0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Users\Admin\AppData\Local\Temp\is-2F745.tmp\77293691212ca8f5d546e6eeec064ba0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2F745.tmp\77293691212ca8f5d546e6eeec064ba0.tmp" /SL5="$4010A,22345545,721408,C:\Users\Admin\AppData\Local\Temp\77293691212ca8f5d546e6eeec064ba0.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-2F745.tmp\77293691212ca8f5d546e6eeec064ba0.tmp
    Filesize

    2.4MB

    MD5

    8e2d270339dcd0a68fbb2f02a65d45dd

    SHA1

    bfcdb1f71692020858f96960e432e94a4e70c4a4

    SHA256

    506176b3245de84bb0b7a4da4b8068b9dd289eb9a3a1757d4183c7c3f168c811

    SHA512

    31eac8aabe8ac83f24d4eba21bc3a52b56105f52402aeb00e505a6be3208cf92cc57529b26f1b29605f554dccdff51e9f28f584268bfda689f53be624f3fd647

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-VPFKG.tmp\isxdl.dll
    Filesize

    121KB

    MD5

    48ad1a1c893ce7bf456277a0a085ed01

    SHA1

    803997ef17eedf50969115c529a2bf8de585dc91

    SHA256

    b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

    SHA512

    7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

    Download Submit

  • memory/2376-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-15-0x0000000000400000-0x0000000000679000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2376-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-1-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2412-14-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download