Overview

overview

7

Static

static

3

77e8c28a8f...e6.exe

windows7-x64

7

77e8c28a8f...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 15:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    77e8c28a8fb53c3fe0ed78398b9b97e6.exe

  • Size

    630KB

  • MD5

    77e8c28a8fb53c3fe0ed78398b9b97e6

  • SHA1

    75b15ab27387a84895c51d2a13708961d3e414f6

  • SHA256

    9f8f3e09babe3e95213b715373c8e0cee787d234577017d6f119d1278d27c14f

  • SHA512

    1ffbc3f7e8e6558260f94da7ac9d2b857966dd21136f932713c35bbfda2c529bdcc72a8417f11ee28a3ece666a1ab0a0438212a648750878d49b1a4e5b982358

  • SSDEEP

    12288:b5l7S0MrlsyR60X+EakXS+SWl0Ggkne2TZJ0l:b59olsqpbi+TqGm2TP0l

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77e8c28a8fb53c3fe0ed78398b9b97e6.exe
    "C:\Users\Admin\AppData\Local\Temp\77e8c28a8fb53c3fe0ed78398b9b97e6.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:816
  • C:\Program Files (x86)\51Remote\51Remote.exe
    "C:\Program Files (x86)\51Remote\51Remote.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3232
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      C:\Program Files (x86)\51Remote\51Remote.exe
      2⤵
        PID:1912
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 12
          3⤵
          • Program crash
          PID:1664
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1912 -ip 1912
      1⤵
        PID:264

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\51Remote\51Remote.exe
              Filesize

              1.2MB

              MD5

              83b956d4d7befe07ea9735d0f13c5f9a

              SHA1

              7581a5d63441f95a0edaec3e2a606e0abcf15702

              SHA256

              46b362936c6e980a0a25753e137adbd95e766cecfabd946cb1be71cabce86c4e

              SHA512

              ffb44276b9839b82db72c522887dabccaa25b2b9b870193537685ce22dd7462f6f334153175339dec5d65a4c260cea1a7e112b5643befde921a3adcc6d11e4cc

              Download Submit

            • C:\Program Files (x86)\51Remote\51Remote.exe
              Filesize

              1.1MB

              MD5

              2d7531259e012a4b9b6f11155f744528

              SHA1

              72f09f999c6136adcd8f038473d63222a1d07889

              SHA256

              9e256619f883a8e87d562a12c3a4ea47a89408f5d4a1d4e1f98b6a92caab64e7

              SHA512

              92ec207cbb7eadbd3c0ee0dd0892ecb4ebf0bc15322017732aa9248da6e71f4b846f033bdbc02daf96b9fed4f4fea138190eefe03911d0d3c047b146cb7734b4

              Download Submit

            • memory/816-0-0x0000000002260000-0x0000000002261000-memory.dmp

              Filesize

              4KB

              Download

            • memory/816-8-0x0000000000400000-0x00000000004B0000-memory.dmp

              Filesize

              704KB

              Download

            • memory/1912-6-0x0000000000400000-0x00000000004B0000-memory.dmp

              Filesize

              704KB

              Download

            • memory/3232-5-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3232-7-0x0000000000400000-0x00000000004B0000-memory.dmp

              Filesize

              704KB

              Download