105ffaae906c8b8d1d600cb1d79031b4cdc0279f3c2a1669a8c96ce5237537ee

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0396ac3498a67827514b6af2a7463deb.exe
Size

303KB
MD5

0396ac3498a67827514b6af2a7463deb
SHA1

683480edfdf648e36d16142a2fac5a7aaff539e1
SHA256

105ffaae906c8b8d1d600cb1d79031b4cdc0279f3c2a1669a8c96ce5237537ee
SHA512

b852958798c5934a79bb37e98a010234df05e0b3cc58a7f64a3ad5e80fa4414d83d9cc9d4269845c6e633ff38960054adba31ae8524d12dae1296d38f9f2bed5
SSDEEP

6144:3KzIQQ0v82Aa3xGKeP5xHJKzbU2Mp2+cBBYORWFZS+e5H40/x:6zII0a3AKqjIBME5BYZE5H4Gx

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2752	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2312	SVCHOSI.EXE

Loads dropped DLL 2 IoCs

pid	Process
2308	0396ac3498a67827514b6af2a7463deb.exe
2308	0396ac3498a67827514b6af2a7463deb.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SVCHOSI.EXE	0396ac3498a67827514b6af2a7463deb.exe
File opened for modification	C:\Windows\SysWOW64\SVCHOSI.EXE	SVCHOSI.EXE
File created	C:\Windows\SysWOW64\Deleteme.bat	0396ac3498a67827514b6af2a7463deb.exe
File created	C:\Windows\SysWOW64\SVCHOSI.EXE	0396ac3498a67827514b6af2a7463deb.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2312	2308	0396ac3498a67827514b6af2a7463deb.exe	28
PID 2308 wrote to memory of 2312	2308	0396ac3498a67827514b6af2a7463deb.exe	28
PID 2308 wrote to memory of 2312	2308	0396ac3498a67827514b6af2a7463deb.exe	28
PID 2308 wrote to memory of 2312	2308	0396ac3498a67827514b6af2a7463deb.exe	28
PID 2308 wrote to memory of 2752	2308	0396ac3498a67827514b6af2a7463deb.exe	30
PID 2308 wrote to memory of 2752	2308	0396ac3498a67827514b6af2a7463deb.exe	30
PID 2308 wrote to memory of 2752	2308	0396ac3498a67827514b6af2a7463deb.exe	30
PID 2308 wrote to memory of 2752	2308	0396ac3498a67827514b6af2a7463deb.exe	30

C:\Users\Admin\AppData\Local\Temp\0396ac3498a67827514b6af2a7463deb.exe
"C:\Users\Admin\AppData\Local\Temp\0396ac3498a67827514b6af2a7463deb.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\SysWOW64\SVCHOSI.EXE
  C:\Windows\system32\SVCHOSI.EXE -NETBC
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2312
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\system32\Deleteme.bat
  2⤵
  - Deletes itself
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Deleteme.bat

Filesize
184B

MD5
1ea4875e2647d0b230119a2e18fc0076

SHA1
1188e831076b1da192d3de91aa92c8928a2d092c

SHA256
ee9a378b9cc35f9e7521b3bda5583e6f5c56ecf659faa74f3657c901d49e81ab

SHA512
02f8ae7b17cf1283c3a966e7cf426afedfb13771893968d7453bc555f5869a4f35be14f888658a8b962f4eb598da4a0c6399ede41b93f2b3ac30115712bb9a6a

Download Submit
C:\Windows\SysWOW64\SVCHOSI.EXE

Filesize
223KB

MD5
b6630a601ee1e5f21a7f5f8a94666fd1

SHA1
aa3d6fc2504903fac55be2a86b02c13f53de1a6a

SHA256
0464f13c2e96e530a401aecedee1fb71468e57196394bf8fe96de29714a90b0c

SHA512
241a4ca6a06959fed30bb1c469ea7b06f2038bc58c33cd88a9eff757899b89ce73440b0ee94b383246b13120f16139169257595c55924ae35f07d86e36b1f8f8

Download Submit
C:\Windows\SysWOW64\SVCHOSI.EXE

Filesize
303KB

MD5
0396ac3498a67827514b6af2a7463deb

SHA1
683480edfdf648e36d16142a2fac5a7aaff539e1

SHA256
105ffaae906c8b8d1d600cb1d79031b4cdc0279f3c2a1669a8c96ce5237537ee

SHA512
b852958798c5934a79bb37e98a010234df05e0b3cc58a7f64a3ad5e80fa4414d83d9cc9d4269845c6e633ff38960054adba31ae8524d12dae1296d38f9f2bed5

Download Submit
memory/2308-1-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2308-0-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2308-10-0x0000000002F90000-0x00000000030B0000-memory.dmp

Filesize
1.1MB

Download
memory/2308-17-0x0000000002F90000-0x00000000030B0000-memory.dmp

Filesize
1.1MB

Download
memory/2308-2-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2308-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2308-31-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2312-19-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2312-20-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2312-18-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2312-29-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2312-30-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2312-33-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads