Overview

overview

7

Static

static

3

10d5f24aa9...a7.exe

windows7-x64

7

10d5f24aa9...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 06:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    10d5f24aa9ef6395755562113f39b7a7.exe

  • Size

    77KB

  • MD5

    10d5f24aa9ef6395755562113f39b7a7

  • SHA1

    d09c8bbe97bc400bc199ce36119723b812ad8662

  • SHA256

    b43883980d9215ba475c4e7c4eaee47f3804557ce95be810f94bce80cabc46f1

  • SHA512

    c002e19ee8b479915b6d414ebd200cf4334750d19cd07dc190223dd345ea70a7e17300090a8692a83b5385b37d185fc587d0cdbdcfa6f6df9adb8b4efd016974

  • SSDEEP

    1536:xf4exGDkeZ4mOoSgJEAJJ0mqoQPolpws/X9AJeO9:p4eYZ4+1JXJJ0JSp5X9Oei

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10d5f24aa9ef6395755562113f39b7a7.exe
    "C:\Users\Admin\AppData\Local\Temp\10d5f24aa9ef6395755562113f39b7a7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3324
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
      2⤵
      • Drops file in Program Files directory
      PID:3944

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\ife.txt
          Filesize

          5.5MB

          MD5

          e207b919d1d86129b1e85a1b33e41edf

          SHA1

          915379f22687f21ca6a94579fe341d85d16d8ad2

          SHA256

          497b9116260a3dccf4a4aa1e672c994e6f0ef7219dff9cfe8e73a6a8eac7c454

          SHA512

          699f0368707e3ab83660ceb75bb9bf8811e41ff9bb2abfd1dd2fb6a973b8bc5aad133f2df42775cdf95faf3bc97155e27432859ebcdf8d1499e5f47c018a1c8d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsa94AF.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          e54eb27fb5048964e8d1ec7a1f72334b

          SHA1

          2b76d7aedafd724de96532b00fbc6c7c370e4609

          SHA256

          ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

          SHA512

          c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsa94AF.tmp\time.dll
          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

          Download Submit