Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 20:04

General

  • Target

    0289eb0ff23f45e7005591a2184107e0.exe

  • Size

    685KB

  • MD5

    0289eb0ff23f45e7005591a2184107e0

  • SHA1

    ca0383ce85aa43c14ca44e7433fef8b3b81a936d

  • SHA256

    906d8cdad2e15e8a28513a4832b4db93bb52d04ad79ead66de487a463c514a8a

  • SHA512

    fd1ca6e07a9b97e99817c048d2a79ac61ba1f5229a9b783fb11eec669249420c96ba0c75365d960d18d3a26baea1ea35a2983c2063597c8cc732c753639d0317

  • SSDEEP

    12288:Cn3NTTloFoycVCm2AxqAVM4ZBoKgXOEpjZV1JkL+ERXXYNeOQKy81B4/:m3NTquFVQA0Af3g+EpZVrklRHKetK91s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0289eb0ff23f45e7005591a2184107e0.exe
    "C:\Users\Admin\AppData\Local\Temp\0289eb0ff23f45e7005591a2184107e0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\tllEC0.tmp\jp2lt.exe
      "C:\Users\Admin\AppData\Local\Temp\tllEC0.tmp\jp2lt.exe" -litename "0289eb0ff23f45e7005591a2184107e0"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2896

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\tllEC0.tmp\Jp2lt.exe

    Filesize

    4KB

    MD5

    86ffe708e2a1b047c585f2bec87d6f7c

    SHA1

    c9342e119cbfa060d357738a543b082cea90aaa6

    SHA256

    6f343494c706a94f617fc66751d0e33e0321e3aac4bb62b35e42fcb280400797

    SHA512

    62f169a25977785c150f440f45b838db26e49b6a3918eb8c90b4d933f4016b0afb160d39e4d496aa57d84c421fdf7b5d70e17de064af2dc97d24c36c62cf1a7b

  • C:\Users\Admin\AppData\Local\Temp\tllEC0.tmp\index.ini

    Filesize

    86B

    MD5

    5541e81e1528d68b864bce7f530da92d

    SHA1

    2bf15dc77349c0fc29f465681025f647a8fb0517

    SHA256

    f89ab7ff41f3a7d1f332fb21c2702e9eedcc3eae2b7ee1a27beaf70befd256b5

    SHA512

    f033ff8c318c69a573e0766c86051d113984aa8e56fbd31d44bfb5531c2ea34806c0ac46414ddaf6541933fed24dbac2c51681edef33a9210f663e5fd75e6812

  • \Users\Admin\AppData\Local\Temp\tllEC0.tmp\Jp2lt.exe

    Filesize

    18KB

    MD5

    93b689858f000e96b84415b8a2a68a2c

    SHA1

    b6f1082bbfe98244af096371ab60173b6c36239d

    SHA256

    f54eaf6ca50d95bbc00fb1b7be9b9853bb79de155e1606ad3aa1662aba46ed90

    SHA512

    0642e2aa578465412580cea752a0b627b1a849f20bf08dd892efb1a04756fbc3714ddd0b644e52daa949a7c12aed0588ad3447078b0b493a32d17199f42f79ae
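How the "Executes dropped EXE" verdict in the Signatures section follows from the Processes and Downloads sections, as an added worked example (not code from the sandbox that produced this report). The event records are constructed from the report's own process tree and dropped-file listing; the event schema (`process_create` / `file_create` dicts), the `ppid` of the submitted sample, the `svchost.exe` decoy entry, and the `%TEMP%\<name>.tmp\` staging heuristic are assumptions made for the example.

```python
"""Reconstruct the 'Executes dropped EXE' signature from sandbox-style events.

Added illustration; not the sandbox's own code. EVENTS is constructed from
the report: PID 2520 is the submitted sample, PID 2896 is the dropped
jp2lt.exe it launched. The ppid 1234 for the sample, the svchost.exe entry
and the event schema are assumptions for this example.
"""
import re
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\0289eb0ff23f45e7005591a2184107e0.exe"
STAGE = r"C:\Users\Admin\AppData\Local\Temp\tllEC0.tmp"

EVENTS = [  # chronological order, as a sandbox would record them
    {"type": "process_create", "pid": 2520, "ppid": 1234, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}"'},
    # Note the drop is listed as Jp2lt.exe but executed as jp2lt.exe.
    {"type": "file_create", "pid": 2520, "path": STAGE + r"\Jp2lt.exe"},
    {"type": "file_create", "pid": 2520, "path": STAGE + r"\index.ini"},
    {"type": "process_create", "pid": 2896, "ppid": 2520,
     "image": STAGE + r"\jp2lt.exe",
     "cmdline": f'"{STAGE}\\jp2lt.exe" -litename "0289eb0ff23f45e7005591a2184107e0"'},
    # Unrelated process outside the sample's tree; must not be flagged.
    {"type": "process_create", "pid": 3000, "ppid": 600,
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

# Heuristic (assumption for this example): installer-style staging dir
# %TEMP%\<name>.tmp\ such as the report's tllEC0.tmp.
TEMP_STAGING = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.tmp\\", re.IGNORECASE)


def tree_pids(events, root_pid):
    """PIDs of root_pid plus every process transitively spawned under it."""
    children = defaultdict(list)
    for ev in events:
        if ev["type"] == "process_create":
            children[ev["ppid"]].append(ev["pid"])
    seen, stack = set(), [root_pid]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        stack.extend(children[pid])
    return seen


def executes_dropped_exe(events, root_pid):
    """Return (pid, image, dropped_by) for every process in the sample's
    tree whose image is a file the tree itself wrote earlier.

    Paths are compared with casefold() because NTFS is case-insensitive;
    without it the Jp2lt.exe drop would never match the jp2lt.exe launch.
    """
    pids = tree_pids(events, root_pid)
    dropped = {}  # normalized path -> pid that wrote it
    hits = []
    for ev in events:
        if ev["pid"] not in pids:
            continue
        if ev["type"] == "file_create":
            dropped[ev["path"].casefold()] = ev["pid"]
        elif ev["type"] == "process_create":
            key = ev["image"].casefold()
            if key.endswith(".exe") and key in dropped:
                hits.append((ev["pid"], ev["image"], dropped[key]))
    return hits


def staged_in_tmp_dir(path):
    """True when the path lies inside a %TEMP%\\<name>.tmp\\ staging directory."""
    return TEMP_STAGING.search(path) is not None


if __name__ == "__main__":
    for pid, image, writer in executes_dropped_exe(EVENTS, 2520):
        flag = " (staged in *.tmp dir)" if staged_in_tmp_dir(image) else ""
        print(f"PID {pid} executes dropped EXE {image}, written by PID {writer}{flag}")
```

The single chronological pass matters: a file written *after* the process that bears its name started is not a drop-then-execute chain, and a process outside the sample's tree (the `svchost.exe` entry) must be ignored even if it happened to run a file with the same name.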