Overview

overview

7

Static

static

3

3e0266b72a...bf.exe

windows7-x64

7

3e0266b72a...bf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 22:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3e0266b72ad2153c1617e39efc6765bf.exe

  • Size

    591KB

  • MD5

    3e0266b72ad2153c1617e39efc6765bf

  • SHA1

    b7f7f7a18a97262cfc428b37dd3cb84fa0dbb708

  • SHA256

    329de8026199da9268abd38e074e8d350b46a69179548b0aff68707162aa8ea6

  • SHA512

    9632b7b6f259bf0444cbeda4b2d52e52ac1904f0b92a6cf1dfcbdbca4990efde0af0766ad2dfe87d174155514236e05e6e5befa94ddc1c90bcebed31b1bbf1a6

  • SSDEEP

    12288:ZKtwR/bd/s9l9aFEfu2rm3F3Z4mxxsEO6YPXTF8ewBC9sv:4twR/bx89aUNrm3QmXsh6YPXTqn5v

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e0266b72ad2153c1617e39efc6765bf.exe
    "C:\Users\Admin\AppData\Local\Temp\3e0266b72ad2153c1617e39efc6765bf.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:2576
  • C:\Windows\VB_Server1.23.exe
    C:\Windows\VB_Server1.23.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:3028

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\Delete.bat
            Filesize

            186B

            MD5

            ac71034f0f508137dde3879d898a2087

            SHA1

            38cca2a653f58caf7501978e98d621ac9da9e536

            SHA256

            5ed5d9d612be84aafcb3b743cb6f61ce06511b45a206e7fd405c6d3691c50918

            SHA512

            36fc17729e5c07ffccb105197d763e241609d170c9b9729b7e636d110651eb6f10b96208d747fc286d719e31a4732ccd5589cb774cfe845a44001787b4bfe71c

            Download Submit

          • C:\Windows\VB_Server1.23.exe
            Filesize

            591KB

            MD5

            3e0266b72ad2153c1617e39efc6765bf

            SHA1

            b7f7f7a18a97262cfc428b37dd3cb84fa0dbb708

            SHA256

            329de8026199da9268abd38e074e8d350b46a69179548b0aff68707162aa8ea6

            SHA512

            9632b7b6f259bf0444cbeda4b2d52e52ac1904f0b92a6cf1dfcbdbca4990efde0af0766ad2dfe87d174155514236e05e6e5befa94ddc1c90bcebed31b1bbf1a6

            Download Submit

          • memory/2020-14-0x0000000000250000-0x0000000000251000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-13-0x0000000003390000-0x0000000003391000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-5-0x00000000005C0000-0x00000000005C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-4-0x0000000002020000-0x0000000002021000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-6-0x00000000005B0000-0x00000000005B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-36-0x00000000005D0000-0x0000000000624000-memory.dmp

            Filesize

            336KB

            Download

          • memory/2020-8-0x0000000002000000-0x0000000002001000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-9-0x0000000002030000-0x0000000002031000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-10-0x0000000000630000-0x0000000000631000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-11-0x00000000032A0000-0x00000000032A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-12-0x0000000003290000-0x0000000003293000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2020-33-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2020-15-0x0000000000260000-0x0000000000261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-18-0x00000000032B0000-0x00000000032B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-17-0x00000000032C0000-0x00000000032C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-16-0x00000000032D0000-0x00000000032D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-0-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2020-19-0x00000000005A0000-0x00000000005A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-3-0x0000000000640000-0x0000000000641000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-2-0x0000000000660000-0x0000000000661000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-7-0x0000000002010000-0x0000000002011000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2020-1-0x00000000005D0000-0x0000000000624000-memory.dmp

            Filesize

            336KB

            Download

          • memory/2912-23-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2912-25-0x0000000003180000-0x0000000003181000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-37-0x00000000031A0000-0x00000000031A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-24-0x0000000003170000-0x0000000003270000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/2912-35-0x00000000031B0000-0x00000000031B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-34-0x0000000003270000-0x0000000003271000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-39-0x0000000003190000-0x0000000003191000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-40-0x0000000000590000-0x0000000000591000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-41-0x0000000000630000-0x0000000000684000-memory.dmp

            Filesize

            336KB

            Download

          • memory/2912-43-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2912-44-0x0000000003170000-0x0000000003270000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/2912-46-0x0000000000590000-0x0000000000591000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-49-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2912-52-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2912-56-0x0000000000400000-0x0000000000507000-memory.dmp

            Filesize

            1.0MB

            Download