Overview

overview

7

Static

static

3

19b3f52c0a...c1.exe

windows7-x64

7

19b3f52c0a...c1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 13:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19b3f52c0ada0bd2bee71d7744b3c9c1.exe

  • Size

    592KB

  • MD5

    19b3f52c0ada0bd2bee71d7744b3c9c1

  • SHA1

    30294ce2627bb467ceadfa92186d627dab60e77b

  • SHA256

    bf62d4833960e5c82cec8236efd58ed16964b9e57fc0ba803bb461f22847768e

  • SHA512

    f993afb6aea5b75cec1dda46a5de6a3e0a86046287f090e37c10913abd74de16746c5df5c28c594600f670d5f3319de879a18305532cb745f119b2b690fc7f5c

  • SSDEEP

    12288:gfw5jx97iTFHwZ4R4ymmF3Z4mxxwV1quiY3+tK4TTxd:35jP7UGE4KQmXwMYY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19b3f52c0ada0bd2bee71d7744b3c9c1.exe
    "C:\Users\Admin\AppData\Local\Temp\19b3f52c0ada0bd2bee71d7744b3c9c1.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:2900
  • C:\Windows\system\System
    C:\Windows\system\System
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Delete.bat
    Filesize

    186B

    MD5

    594efc25e6bddd08f26a4206d1e76a1b

    SHA1

    ed6d65089611541da75572a4ea50ed131c42c89c

    SHA256

    090ad02e606ec380f42cf3889f6cc48e50773027abcb4d5241878b2dc39c017d

    SHA512

    54b9189c0ef151e014aea2bb5ca5e2c3af33b9c82e068aa9aee8d5935e0e9e2b7122922ba3df7a7acf2936adb89dd636696803c3fe9a6752275c6c70b8b724f4

    Download Submit

  • C:\Windows\system\System
    Filesize

    592KB

    MD5

    19b3f52c0ada0bd2bee71d7744b3c9c1

    SHA1

    30294ce2627bb467ceadfa92186d627dab60e77b

    SHA256

    bf62d4833960e5c82cec8236efd58ed16964b9e57fc0ba803bb461f22847768e

    SHA512

    f993afb6aea5b75cec1dda46a5de6a3e0a86046287f090e37c10913abd74de16746c5df5c28c594600f670d5f3319de879a18305532cb745f119b2b690fc7f5c

    Download Submit

  • C:\Windows\system\System
    Filesize

    129KB

    MD5

    b7cc8a911c06ec2ae15db2cdcd73fe9c

    SHA1

    5ca2b3d6db993376abca7ac61a2e04be1e216b30

    SHA256

    63e8b0e6816f56f70eb38a285499874aae6b5d336ca68fe8dab2d618e2e7b2eb

    SHA512

    cf57ac4fed26d03c4d28a138734b7d40494d8fb5ae7a9581b56e213a1f969d346414e3aa9669e18a9fa18adf48fc842bccd845b3391fde70ba26e5bb1d493d74

    Download Submit

  • memory/2552-3-0x0000000000670000-0x0000000000671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-7-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-22-0x0000000002390000-0x0000000002391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-21-0x00000000023B0000-0x00000000023B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-25-0x00000000023E0000-0x00000000023E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-19-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-18-0x0000000002360000-0x0000000002361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-17-0x0000000002330000-0x0000000002331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-16-0x0000000002340000-0x0000000002341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-15-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-14-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-13-0x0000000002350000-0x0000000002351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-12-0x0000000001F00000-0x0000000001F01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-11-0x0000000002320000-0x0000000002321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-10-0x00000000032B0000-0x00000000032B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2552-9-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-8-0x00000000032C0000-0x00000000032C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-47-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2552-6-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-5-0x0000000000550000-0x0000000000551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-4-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-0-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2552-2-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-23-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-28-0x00000000032F0000-0x00000000032F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-30-0x00000000032D0000-0x00000000032D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-29-0x00000000032E0000-0x00000000032E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-31-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-27-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-26-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-24-0x00000000023F0000-0x00000000023F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-20-0x00000000023D0000-0x00000000023D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-49-0x0000000000600000-0x0000000000654000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2552-1-0x0000000000600000-0x0000000000654000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2552-32-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-50-0x00000000031B0000-0x00000000031B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-54-0x0000000003250000-0x0000000003251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-56-0x0000000003300000-0x0000000003301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-53-0x0000000000510000-0x0000000000564000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2872-52-0x0000000003240000-0x0000000003241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-51-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-38-0x00000000031A0000-0x00000000031A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-36-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2872-48-0x00000000031C0000-0x00000000031C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-46-0x00000000031D0000-0x00000000031D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-57-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2872-58-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download