Overview

overview

7

Static

static

3

13715dc12a...94.exe

windows7-x64

7

13715dc12a...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 08:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    13715dc12aad35bd77f331abd176ab94.exe

  • Size

    5.7MB

  • MD5

    13715dc12aad35bd77f331abd176ab94

  • SHA1

    cfb5a8e80bdb867844978560e23eb406a8ee72a1

  • SHA256

    aad8374aadb9203c48b0fee467ecce1184db9f805b921d8d4a22d35a179cdedc

  • SHA512

    989238a4b739de1e28639dfb763fc7423ed9ac9d2d61d05d23acd68d6fe9930812f1922bb1499bb2b6b18caabcb5070cc9739ea3f083ca8795ca167b56c986bc

  • SSDEEP

    98304:+3r0Zhg1zrF9CQORYG+Tm7qTtPUdGG5/7VykknOklyuxrq0eRRmNd1Zg:aQPyzTG++cQDkvl3q0fPXg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13715dc12aad35bd77f331abd176ab94.exe
    "C:\Users\Admin\AppData\Local\Temp\13715dc12aad35bd77f331abd176ab94.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\is-JJ2EO.tmp\13715dc12aad35bd77f331abd176ab94.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JJ2EO.tmp\13715dc12aad35bd77f331abd176ab94.tmp" /SL5="$70120,5711564,54272,C:\Users\Admin\AppData\Local\Temp\13715dc12aad35bd77f331abd176ab94.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1340

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-JJ2EO.tmp\13715dc12aad35bd77f331abd176ab94.tmp
          Filesize

          695KB

          MD5

          620f32e56b46e90e8aee43febc59f6e3

          SHA1

          d5edd63dd1390a1420b85f746e12a66625ae9354

          SHA256

          bcc9d63213012bf25a37f48015e5f755d359f3b08d05d35319b03b4a72710730

          SHA512

          8a9d2a2eb3891265cec379978399ad6c9b4bf3e12e0f381946b4390621b943b97fa04fbb87ad628652bd765b706eb2ff56001f24de24e9bcc487a59ca2f07d9c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-K1OUT.tmp\_isetup\_shfoldr.dll
          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

          Download Submit

        • memory/1340-8-0x00000000002C0000-0x00000000002C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1340-17-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/1340-20-0x00000000002C0000-0x00000000002C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-0-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2252-2-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2252-16-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download