Overview

overview

7

Static

static

3

38a7650d04...2b.exe

windows7-x64

7

38a7650d04...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 13:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    38a7650d049798d3cdde44b30fcb182b.exe

  • Size

    2.2MB

  • MD5

    38a7650d049798d3cdde44b30fcb182b

  • SHA1

    eb569cb9deeb04c9afd3c9bfe79bc90e67f7ea4e

  • SHA256

    499dcf9011ea82fedd4a93045126d7ac43ceb0740fdfeac57d5e2c482e913d96

  • SHA512

    f3fc18cb1dbd50abed98c25b7313b67e2493eeba626bfa9b0d719fab0917cccba8ea95404e97b5eab2841e0ef010ac1e42667b7005799be04a179af3b4449b78

  • SSDEEP

    49152:kUv8Lkr77yfUN1KC9Bk2sC3cK5cswOmrz0zju997LCrBErCVa:nikr7g21fjkFCsK5Dyrz4jU2SuVa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38a7650d049798d3cdde44b30fcb182b.exe
    "C:\Users\Admin\AppData\Local\Temp\38a7650d049798d3cdde44b30fcb182b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Users\Admin\AppData\Local\Temp\is-1QMSO.tmp\is-PK2BV.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1QMSO.tmp\is-PK2BV.tmp" /SL4 $400EC C:\Users\Admin\AppData\Local\Temp\38a7650d049798d3cdde44b30fcb182b.exe 2241457 104448
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3040

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-1QMSO.tmp\is-PK2BV.tmp
          Filesize

          381KB

          MD5

          02bed163220b783c2d1b6bea9443bcf2

          SHA1

          44af46c1db9d4e4a12ec93baf4a8d94afee7e3eb

          SHA256

          e0540e6b19bd898dc40e92cb04a0c288a4386219e2b3d2320ce76bf82f6c12be

          SHA512

          27cab76a6e08e8c4b4d4abe52ad84799441d87dbba7a78857ed71a6d901b8dcba6f3fd1ececf1e3822fd138a5f19dba50ee2f02957f7d3f7b1b3c3bded1ca467

          Download Submit

        • memory/1272-1-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1272-14-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

          Download

        • memory/3040-15-0x0000000000400000-0x00000000004A6000-memory.dmp

          Filesize

          664KB

          Download