Overview

overview

7

Static

static

3

3bed17a377...ce.exe

windows7-x64

7

3bed17a377...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bed17a3773a209f87e78a916f0c43ce.exe

  • Size

    126KB

  • MD5

    3bed17a3773a209f87e78a916f0c43ce

  • SHA1

    729da5748892da538527377c49db04631b16c2d1

  • SHA256

    c1b16b4256b3e0eed31bafbf753bb8ce2b04ba136438564c556d3253a8e5ccf5

  • SHA512

    bb2287edbee73600381d1849949adb26a353341bb42a1da21e005462a1ddeae3b8775298c33ec751e28e0cccccb6927e22b3df01a19b5681820e959ee684c72f

  • SSDEEP

    1536:nezSCticukPPzXnvnk0md41mLBVLjVRpdzmc0VkPDY/7noK:e2CqkPr80mu1m3jXzUnoK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 16 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bed17a3773a209f87e78a916f0c43ce.exe
    "C:\Users\Admin\AppData\Local\Temp\3bed17a3773a209f87e78a916f0c43ce.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\SysWOW64\MsaShshaield.exe
      C:\Windows\system32\MsaShshaield.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\MsaShshaield.exe
    Filesize

    64KB

    MD5

    cdfc0dc8c1c5c92c0dfdc9f0d788e57e

    SHA1

    5ba177ffe4e7145abccdd7698d35911cf0b92a30

    SHA256

    c3779bf0dc5a4ba193b706af0808c618a4ac627613a400997c6070559064327a

    SHA512

    6548ec61b9a027ab1188fed5b371fdf6bfcd339e4e008ab79aab2bf259e7b2c5e7836e0c8cef7bd93f8aef8f70d6de3a225564a273e8bacb0d9e1d6b984df1a9

    Download Submit

  • C:\Windows\SysWOW64\MsaShshaield.exe
    Filesize

    77KB

    MD5

    c84e6ade6ffe1fe33cb992823fd5e2a4

    SHA1

    352fd7c9cd144fa9cdd3c5a52d340c52d6809264

    SHA256

    05198b88c96b9b9d6a48254c1f8177422e3387c165087903a7301685add7dcb2

    SHA512

    68c9890fa6afce88c76c18985a710fc67ba6cebd3544a6f282972bcf76ac4d02d18d62dc394cae076dfce7efc6faddd5902bbd8c64d05fa966d3a38a68d7bb17

    Download Submit

  • C:\Windows\SysWOW64\MsaShshaield.exe
    Filesize

    126KB

    MD5

    3bed17a3773a209f87e78a916f0c43ce

    SHA1

    729da5748892da538527377c49db04631b16c2d1

    SHA256

    c1b16b4256b3e0eed31bafbf753bb8ce2b04ba136438564c556d3253a8e5ccf5

    SHA512

    bb2287edbee73600381d1849949adb26a353341bb42a1da21e005462a1ddeae3b8775298c33ec751e28e0cccccb6927e22b3df01a19b5681820e959ee684c72f

    Download Submit

  • \Windows\SysWOW64\MsaShshaield.exe
    Filesize

    45KB

    MD5

    7c069c6d21ec703d76383201a48107f5

    SHA1

    3540f72c83c6bc64a624832f25b51096dcaf95f1

    SHA256

    855fee35248f31bf8b77a0b5b69194e81aa52bc53707c384be12e8e7d09ff3ef

    SHA512

    666de25c8b26b615b464c5b1d3f5c6c9aa068d2f3d0b6c8e27725cb24b3a0228b8108d17691aa1c6878df910834acf487bc0eed8d6c0459916e46d89c79f8378

    Download Submit

  • \Windows\SysWOW64\MsaShshaield.exe
    Filesize

    33KB

    MD5

    45cfc313040556ed2d94d8836a8e15da

    SHA1

    138da5862d8f81f063ad95c07d5eb32035098dfa

    SHA256

    53b1d3fa9aa3ca6f77e836d6ce4fd1f92b51f0cd1fcfa7e5f67274891196e579

    SHA512

    dbf926a538f55072d0953ce260dbfd986bfd272c86523029677f566475c1777bc6e173f93277a5b2927c5aa5cc273639a125a3ffcc10b4abfb4b39d3a9966bec

    Download Submit