Overview

overview

7

Static

static

3

368134122c...e3.exe

windows7-x64

7

368134122c...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    368134122ca1ba8173f3a07073cd32e3.exe

  • Size

    519KB

  • MD5

    368134122ca1ba8173f3a07073cd32e3

  • SHA1

    b635dc8101a7fb6bb77f37df4e2cc828996ae8f3

  • SHA256

    1ccb063e8fa4f6a38ebcc7959f4080b282944c4b7097289ca25edad9db6c4eb3

  • SHA512

    53d29f149a8daf61e857321dc8a63f631fe7f21e7a85bc296af8f0b31b362445e740a860da2ed204dfb7d47836b5c1bf7b9ad2a2c8c341ab74c80e37ff75f5b9

  • SSDEEP

    12288:VYXKTYHv624h6G33QW/LTnInrcpLT58B:klSvY87LTIYpLT+

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1372
      • C:\Users\Admin\AppData\Local\Temp\368134122ca1ba8173f3a07073cd32e3.exe
        "C:\Users\Admin\AppData\Local\Temp\368134122ca1ba8173f3a07073cd32e3.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1364
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Windows\system32\Deleteme.bat
          3⤵
          • Deletes itself
          PID:2852
    • C:\Windows\SysWOW64\mmspy.exe
      C:\Windows\SysWOW64\mmspy.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:3064

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\Deleteme.bat
      Filesize

      184B

      MD5

      082b24a75acb143ae44ede48f1c45961

      SHA1

      392299cc774de8dc1a23b083147e8970ba53249a

      SHA256

      0ae864b9b25fd1039303487ef69837f3f615e0f0678e88bebfaa185cb75c4a00

      SHA512

      434fcd08dabcb2ca820846930e6b47e43cf82c2cfac990d05952f5837fc53020719ecc69ac6feb17aad93fd4876fcd6685437335500c786a9f37038c025647ac

      Download Submit

    • C:\Windows\SysWOW64\mmspy.exe
      Filesize

      519KB

      MD5

      368134122ca1ba8173f3a07073cd32e3

      SHA1

      b635dc8101a7fb6bb77f37df4e2cc828996ae8f3

      SHA256

      1ccb063e8fa4f6a38ebcc7959f4080b282944c4b7097289ca25edad9db6c4eb3

      SHA512

      53d29f149a8daf61e857321dc8a63f631fe7f21e7a85bc296af8f0b31b362445e740a860da2ed204dfb7d47836b5c1bf7b9ad2a2c8c341ab74c80e37ff75f5b9

      Download Submit

    • memory/1364-14-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1372-6-0x0000000002A10000-0x0000000002A11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-3-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download