Overview

overview

7

Static

static

3

2d682d45e4...9b.exe

windows7-x64

7

2d682d45e4...9b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d682d45e4ba7c26e23cf4281fd2d29b.exe

  • Size

    2.3MB

  • MD5

    2d682d45e4ba7c26e23cf4281fd2d29b

  • SHA1

    9ca05cde14736d324920f0b2fc370cb8b3ea214c

  • SHA256

    e47f7ef927f067d736c3efbaf2e8fe83e1de7df4078a40701d222cb4576e7cc3

  • SHA512

    d2ca2e836d53f10985b610dd16fcfb4da38fb564993f31ae5e06b160f933e8a51aac69b634413fd8f2691bd52579b82d0d84c5a494136d363c9c1cfa55fee575

  • SSDEEP

    49152:5a/k0rzeSoviXgo7F+pF3LRXfSRSfZfmaeZpRgkUtNxJyrtinXBgJ:Q/zzeSoNF3LFfCSfZfreZ+NEkRgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d682d45e4ba7c26e23cf4281fd2d29b.exe
    "C:\Users\Admin\AppData\Local\Temp\2d682d45e4ba7c26e23cf4281fd2d29b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Users\Admin\AppData\Local\Temp\is-K2HIV.tmp\2d682d45e4ba7c26e23cf4281fd2d29b.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-K2HIV.tmp\2d682d45e4ba7c26e23cf4281fd2d29b.tmp" /SL5="$4010A,2013056,54272,C:\Users\Admin\AppData\Local\Temp\2d682d45e4ba7c26e23cf4281fd2d29b.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-K2HIV.tmp\2d682d45e4ba7c26e23cf4281fd2d29b.tmp
    Filesize

    240KB

    MD5

    c55d8bed3cfe8347014536f3623b76d4

    SHA1

    08a3262cad3c8797799bfaa4a96701b7e036f086

    SHA256

    b4052e4f24a2c0d028ffe43d5ca63836525437827eef4b7dbc317b6335f96b1f

    SHA512

    d29904cb35c8dc2d680f6acbb003ee8f771375165533372ca4a40c1c7335b93d44065d51e814e76f7217f21e86dd87745447c3c918671c10748b7dc0fc9613cd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-K2HIV.tmp\2d682d45e4ba7c26e23cf4281fd2d29b.tmp
    Filesize

    320KB

    MD5

    60a6f95f00b99697808abcc526c14dbb

    SHA1

    39dd1d7177f9a79a2aa10bfba5c17cc8b651ca94

    SHA256

    83155c865ce599fdc985e93add59952b35f7239ffc53d57ed9c0c96c95190847

    SHA512

    87637932392a3c61ff60ebe7907c1faeb32154996fb0b4b6b74f4bc4b673dd29edc041b0489fe7178d8487d0c462afbe70994477f60d22cbdd35d28b70c767f0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-OBJ41.tmp\_isetup\_isdecmp.dll
    Filesize

    19KB

    MD5

    3adaa386b671c2df3bae5b39dc093008

    SHA1

    067cf95fbdb922d81db58432c46930f86d23dded

    SHA256

    71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

    SHA512

    bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-OBJ41.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-OBJ41.tmp\itdownload.dll
    Filesize

    127KB

    MD5

    1084c8ccb28c2fb58657fc55c10ab66c

    SHA1

    36e2580b5b03c82565214a7936df1189ca1173d0

    SHA256

    b44b90262cb024c34d3c16ddcf860b649024071692814bd66ef142e13f8b3025

    SHA512

    586ae88b2f739bcf351349f911cea4f8adb9663d0aeb81bbca65fb4d0e23ab9d3c5ab6f9f993a4c32988d3943ba27125b9b3a53a4a7b4b9d453059d19c005474

    Download Submit

  • memory/2008-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2008-42-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2532-31-0x0000000003760000-0x0000000003761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-27-0x0000000003720000-0x0000000003721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-37-0x00000000037C0000-0x00000000037C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-35-0x00000000037A0000-0x00000000037A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-34-0x0000000003790000-0x0000000003791000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-33-0x0000000003780000-0x0000000003781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-32-0x0000000003770000-0x0000000003771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-39-0x0000000003920000-0x0000000003921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-30-0x0000000003750000-0x0000000003751000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-29-0x0000000003740000-0x0000000003741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-28-0x0000000003730000-0x0000000003731000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-38-0x00000000037D0000-0x00000000037D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-26-0x0000000003710000-0x0000000003711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-25-0x0000000003700000-0x0000000003701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-24-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-23-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-22-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-7-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-36-0x00000000037B0000-0x00000000037B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-44-0x00000000003A0000-0x00000000003DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2532-43-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2532-20-0x00000000003A0000-0x00000000003DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2532-45-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-51-0x00000000003A0000-0x00000000003DC000-memory.dmp

    Filesize

    240KB

    Download