Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    30/12/2023, 04:37

General

  • Target

    0eb5fa03b8eea1751bd012eda206e292.exe

  • Size

    4.8MB

  • MD5

    0eb5fa03b8eea1751bd012eda206e292

  • SHA1

    acbbe2bf3e972d6fc33687fa5a2cf6f3cecbb7bc

  • SHA256

    918d21e0aa5f61096587321f0a4f12e3119db076991447527d64be7e79d98e88

  • SHA512

    701385146d7a732b3235a5669d13e159aec263139669e18ba7aa4fa52a72c4cdd588683386d078f7cb629c9b17f2793e785162caf89dc6b77c5f6a610f752791

  • SSDEEP

    98304:Z966KEjyRoJbKbh6lfHYx2VAyRGhk3/K8rXWIyJhyY+wWAr2ZW2SXnjyXIcd:DdjyRqKb4lgKCMS82J/mSXnj8F

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0eb5fa03b8eea1751bd012eda206e292.exe
    "C:\Users\Admin\AppData\Local\Temp\0eb5fa03b8eea1751bd012eda206e292.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 496
      2⤵
      • Program crash
      PID:2264

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • \Users\Admin\AppData\Local\Temp\nso646F.tmp\DLLChangeRegKeyPath.dll

          Filesize

          28KB

          MD5

          1f49d4c2104ecdd5145b798ada70c2c2

          SHA1

          6de3e1d84a59765dbe496175f2b6ea00997fd8e5

          SHA256

          77b08d71140e8e86b03cd183698144ce34cce98503903a964a26a7e6d82c5338

          SHA512

          825991196d5d84cd43a0d27e124b1b46671877f496efc515abbe2bcf9b26ad05cb0a8baaa2aa96d025c516f8bfb1a6cb390e96fc1ea417afb135598a72ea9b69

        • \Users\Admin\AppData\Local\Temp\nso646F.tmp\DLLDeleteTextFromHosts.dll

          Filesize

          28KB

          MD5

          e28be8e274101ca09d76ec18cb577679

          SHA1

          399425a3ac1abfa34a755f32b5488e2440f9b5cc

          SHA256

          0646ee9f41cb3080134f7d033a5d30bd58d6966f55f6ce6ce88c7963647b5142

          SHA512

          0521f518bfba0e9b9785f210e6a598e114e444e2b397e7b4bc07c4edae7b86b0f64fe747f6b389fb62804e80164a1ba866fac84632325157afb9afb35c3bcf1c
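The process tree and the Downloads list above describe a detectable pattern: an executable running from the user's Temp folder loads DLLs dropped into a Temp\ns*.tmp subfolder, then WerFault.exe is started with that process's PID on the command line. The Python below is an added example, not part of this report or of the sandbox's own tooling. It correlates Sysmon-style process-create (EventID 1) and image-load (EventID 7) events to raise one finding per such process and attaches the SHA256 hashes from the Downloads section as known indicators. The event records are constructed to mirror the report rather than captured from the sandbox; the Sysmon field names and the generalisation of the folder name to "ns" plus alphanumerics are assumptions.

```python
# Added example, not part of the report: correlate endpoint telemetry to flag the
# behaviour this report shows. Field names follow Sysmon event IDs 1 (process
# create) and 7 (image load) as an assumption; the sample events below are
# constructed from the report's process tree and Downloads list.
import re
from collections import defaultdict

# SHA256 values of the dropped DLLs, copied from the report's Downloads section.
DROPPED_DLL_SHA256 = {
    "77b08d71140e8e86b03cd183698144ce34cce98503903a964a26a7e6d82c5338": "DLLChangeRegKeyPath.dll",
    "0646ee9f41cb3080134f7d033a5d30bd58d6966f55f6ce6ce88c7963647b5142": "DLLDeleteTextFromHosts.dll",
}

# Executable run directly from the user's %LocalAppData%\Temp folder.
TEMP_EXE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.exe$", re.I)
# DLL loaded from a Temp\ns*.tmp subfolder (nso646F.tmp in the report). Allowing
# any alphanumeric run after "ns" is an assumption based on this one sample.
NS_TMP_DLL = re.compile(r"\\appdata\\local\\temp\\ns[0-9a-z]+\.tmp\\[^\\]+\.dll$", re.I)
# WerFault.exe receives the crashing process's PID via -p, as in "-u -p 2472 -s 496".
WERFAULT_PID = re.compile(r"\bwerfault\.exe\b.*?\s-p\s+(\d+)", re.I)


def sha256_from_hashes(field):
    """Pull the SHA256 out of a Sysmon 'Hashes' field such as 'MD5=..,SHA256=..'."""
    for part in field.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def correlate(events):
    """One finding per Temp-resident process that loaded ns*.tmp DLLs or was handed
    to WerFault, with any dropped-DLL hash matches attached."""
    temp_procs = {}              # pid -> image path of a Temp-resident executable
    loaded = defaultdict(list)   # pid -> DLLs loaded from Temp\ns*.tmp
    known = defaultdict(list)    # pid -> DLL names matched by SHA256
    crash_reporter = {}          # crashing pid -> WerFault pid
    for e in events:
        if e["EventID"] == 1:
            if TEMP_EXE.match(e["Image"]):
                temp_procs[e["ProcessId"]] = e["Image"]
            m = WERFAULT_PID.search(e.get("CommandLine", ""))
            if m and e["Image"].lower().endswith("\\werfault.exe"):
                crash_reporter[int(m.group(1))] = e["ProcessId"]
        elif e["EventID"] == 7:
            if NS_TMP_DLL.search(e["ImageLoaded"]):
                loaded[e["ProcessId"]].append(e["ImageLoaded"])
            digest = sha256_from_hashes(e.get("Hashes", ""))
            if digest in DROPPED_DLL_SHA256:
                known[e["ProcessId"]].append(DROPPED_DLL_SHA256[digest])
    findings = []
    for pid, image in temp_procs.items():
        if pid in loaded or pid in crash_reporter:
            findings.append({
                "pid": pid,
                "image": image,
                "dropped_dlls": loaded.get(pid, []),
                "known_hash_hits": known.get(pid, []),
                "werfault_pid": crash_reporter.get(pid),
            })
    return findings


MAIN = r"C:\Users\Admin\AppData\Local\Temp\0eb5fa03b8eea1751bd012eda206e292.exe"
EVENTS = [  # constructed to mirror the report; not sandbox output
    {"EventID": 1, "ProcessId": 2472, "Image": MAIN, "CommandLine": f'"{MAIN}"'},
    {"EventID": 7, "ProcessId": 2472, "Image": MAIN,
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nso646F.tmp\DLLChangeRegKeyPath.dll",
     "Hashes": "MD5=1f49d4c2104ecdd5145b798ada70c2c2,SHA256=77b08d71140e8e86b03cd183698144ce34cce98503903a964a26a7e6d82c5338"},
    {"EventID": 7, "ProcessId": 2472, "Image": MAIN,
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nso646F.tmp\DLLDeleteTextFromHosts.dll",
     "Hashes": "MD5=e28be8e274101ca09d76ec18cb577679,SHA256=0646ee9f41cb3080134f7d033a5d30bd58d6966f55f6ce6ce88c7963647b5142"},
    # Ordinary system DLL load by the same process: must be ignored (hash is a placeholder).
    {"EventID": 7, "ProcessId": 2472, "Image": MAIN,
     "ImageLoaded": r"C:\Windows\SysWOW64\kernel32.dll", "Hashes": "SHA256=0000"},
    {"EventID": 1, "ProcessId": 2264, "Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "CommandLine": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 496"},
    # Crash report for a process that is not Temp-resident: must not produce a finding.
    {"EventID": 1, "ProcessId": 3100, "Image": r"C:\Windows\System32\WerFault.exe",
     "CommandLine": r"C:\Windows\System32\WerFault.exe -u -p 1900 -s 200"},
]

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

The crash alone is a weak signal (WerFault runs for any faulting process), so the rule only fires for a process that also matches the Temp-folder path, and the hash lookup separates "an installer unpacked plugins" from "these specific dropped files were seen". Swap the constructed EVENTS for records pulled from your Sysmon or EDR pipeline, keeping the same field names.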