Overview

overview

7

Static

static

3

09b9fa61cf...24.exe

windows7-x64

7

09b9fa61cf...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09b9fa61cff342e61af453195b6bb124.exe

  • Size

    282KB

  • MD5

    09b9fa61cff342e61af453195b6bb124

  • SHA1

    9ece7bd977dd2ec6fa4c92b2ee262660e3f04d16

  • SHA256

    fa7a7647ffa35e27d8f77dfc2deecc176f107f1d5d1d681bdc44193a82ea1235

  • SHA512

    96d00b165060f786d4498b28f6f500248fbd42f447e3d3f719c21feaf6ee92afeb324a07717ba8c604f4e66cbc7198405d8b2308402b268e3db2a2d4a77e128e

  • SSDEEP

    6144:AdYU/c/NHRvU7plCwhyuW+j+1pJDmHixbpPYgP8cKNBbFdg:AdYUU/A7pRyuW+j+PpmCxdZ8VbF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09b9fa61cff342e61af453195b6bb124.exe
    "C:\Users\Admin\AppData\Local\Temp\09b9fa61cff342e61af453195b6bb124.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\UNDEL.BAT
      2⤵
        PID:4640
    • C:\Windows\SysWOW64\lsasss
      C:\Windows\SysWOW64\lsasss
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:4604

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\lsasss
      Filesize

      92KB

      MD5

      e3ed1fdfc72d6288e7481f822f47e7b2

      SHA1

      e795702dc7c91f579b4df18eee6a1d64bbb9acbd

      SHA256

      c8599a8f644b96e3133c6a6e6884455161103b930d362e1d8dc2990606df52d0

      SHA512

      970ae974e74a2c9353d7350c73fc9d9fd6bd0557f86e3213385899c0255fb8ce2b3db62832fa41d50c44825c8ad0847805d0a51e4cd0d783d70ff14f9da016f4

      Download Submit

    • C:\Windows\SysWOW64\lsasss
      Filesize

      25KB

      MD5

      a8457eaeb6416ac207398800dbfce7f7

      SHA1

      97ae3bb57f1675785a00e4affae1ab910f01d732

      SHA256

      1026d4b76e222b5e181f60a7dfd5b4fa02831f774cee310191700f69886877ba

      SHA512

      f8c7b4d8511941c1d8ea55f8ea43a12ceffcb74618ecc5d392f82ca30b3b9abc955cee6b89fded2b102daa3070a176584aa2dcb76ea4670c69f0f0ef1226f8d0

      Download Submit

    • memory/396-7-0x0000000000400000-0x0000000000455019-memory.dmp

      Filesize

      340KB

      Download

    • memory/4604-4-0x0000000000400000-0x0000000000455019-memory.dmp

      Filesize

      340KB

      Download