Overview

overview

7

Static

static

3

144dec8962...83.exe

windows7-x64

7

144dec8962...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    17s
  • max time network
    116s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    144dec8962a519049a8e860040ff8c83.exe

  • Size

    250KB

  • MD5

    144dec8962a519049a8e860040ff8c83

  • SHA1

    2fb0f8c7fe8e27f20bae99c5b35fb8641f865fcb

  • SHA256

    58f73ca7b211babf9f79299ba4e518eebe46651022da7409f42dd9ae09287215

  • SHA512

    43b39d95cb290bf7b4bd74d15037fca71ea39e632d802af7a3e469a70bdcf8fe9cda2a712043c6e73ab906b6224d113552dc6ff41e16f1fb4a5d82cc2f7b2532

  • SSDEEP

    3072:MEsmiEsmiEsmiEsmiEsmiEsmiEsmiEsmiEsml+W2YL:MZ/Z/Z/Z/Z/Z/Z/Z/Z4+W2YL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\144dec8962a519049a8e860040ff8c83.exe
    "C:\Users\Admin\AppData\Local\Temp\144dec8962a519049a8e860040ff8c83.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\exc.exe
      "C:\exc.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:2792
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
        3⤵
          PID:2268
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
            4⤵
              PID:2084
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freeav.com/
          2⤵
            PID:2940
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
              3⤵
                PID:3036
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:1061899 /prefetch:2
                3⤵
                  PID:1576
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:734226 /prefetch:2
                  3⤵
                    PID:756
              • C:\Windows\system32\AUDIODG.EXE
                C:\Windows\system32\AUDIODG.EXE 0xc4
                1⤵
                  PID:3012

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/2108-669-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2108-8-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2108-227-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2108-331-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2108-229-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2108-280-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2108-231-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-281-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-232-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-332-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-228-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-670-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-9-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-2128-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download

                • memory/2792-4270-0x0000000000400000-0x0000000000407000-memory.dmp

                  Filesize

                  28KB

                  Download