Overview

overview

7

Static

static

3

206d288cfb...77.exe

windows7-x64

7

206d288cfb...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 23:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    206d288cfb793ca1c0cbd0961cfd2f77.exe

  • Size

    868KB

  • MD5

    206d288cfb793ca1c0cbd0961cfd2f77

  • SHA1

    34b5092ab2db111ef21e5edc1c47194e54da3761

  • SHA256

    8f4be6b7d1a0f93f9bd8c2a96daf29323f3cc733ab6e0dab99ca2d471279e821

  • SHA512

    1683664d4be61f1c3931f673580a75c6848a76a1d92815050cdb141f1adc7c4ab851c6d3601db4a28ead3c45c4899002ff03145bd700e07d14c4762f9ece7e7a

  • SSDEEP

    24576:7zXKqa8SEijjC+37li4daoInr1YSfi6Hfd9JRYyGGLNv9X:7z6qaakjC+3s4da1nHzfd9MKX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\206d288cfb793ca1c0cbd0961cfd2f77.exe
    "C:\Users\Admin\AppData\Local\Temp\206d288cfb793ca1c0cbd0961cfd2f77.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Program Files (x86)\kbbddjtwn\vtqljxtqarzof.exe
      "C:\Program Files (x86)\kbbddjtwn\vtqljxtqarzof.exe"
      2⤵
      • Executes dropped EXE
      PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\kbbddjtwn\vtqljxtqarzof.exe
    Filesize

    883KB

    MD5

    c873fbf93baa7c8df63503382582b26c

    SHA1

    a83c42dd75d27c42afa629cf7fbef7bc0bcea17a

    SHA256

    6f830fc353ba49a0c830ec690b905ff06791aab00d9c365de34a114637f0e18b

    SHA512

    60c8b40e07a318083f2e400e1f130bbd48bbd64818310af2a243007ed48636170eebe3d084723995e037b640ba28d2d1180b0bbe55bad249b4c451ff63d27209

    Download Submit

  • memory/1292-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1292-10-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2000-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2000-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2000-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download