Overview

overview

7

Static

static

3

3ecb9ec3bd...ff.exe

windows7-x64

7

3ecb9ec3bd...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    266s
  • max time network
    319s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2024, 14:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3ecb9ec3bdb4b4cedc2b0bf90e2a65ff.exe

  • Size

    663KB

  • MD5

    3ecb9ec3bdb4b4cedc2b0bf90e2a65ff

  • SHA1

    c49d9bb05210d6f581635ecb8d11a90c253ff283

  • SHA256

    eb01159dd0da755c77baf8b111a89f52dbcebd17739fa8a595905c84a815a37e

  • SHA512

    2305cca826b0f28315b0ee9e0c4dbb0b3703dd6a2888cfd7447cff9386ffa56ccb610da4e9b4b59383b890926cee459c721d98aba9fa16c451907e0a8e03c684

  • SSDEEP

    12288:GFGawBwy2MZqy4e2TgQCgjUapKV22oLeuMNRwE4jvTYolQBGBWyFmErLKd9XqdgT:Nawr7Zo7CgZu2E4Sx0OT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ecb9ec3bdb4b4cedc2b0bf90e2a65ff.exe
    "C:\Users\Admin\AppData\Local\Temp\3ecb9ec3bdb4b4cedc2b0bf90e2a65ff.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\opeBA0C.exe
      "C:\Users\Admin\AppData\Local\Temp\opeBA0C.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2908
  • C:\Windows\G_Server1.23.exe
    C:\Windows\G_Server1.23.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files\Internet ExplorEr\IEXPLORE.EXE
      "C:\Program Files\Internet ExplorEr\IEXPLORE.EXE"
      2⤵
        PID:2684
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4a8
      1⤵
        PID:632

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\opeBA0C.exe
              Filesize

              662KB

              MD5

              27d3c239e174703881f63ce3d8529a5c

              SHA1

              cb74253ff5d6c23d57c83da03d297e1f2738540b

              SHA256

              85740aa7a79037f63448363c1ab4b7c00dade664f8c54d433b39f3f329ba0584

              SHA512

              2a50ef977df2bd4fd9af2698cd09700f7a40765548a66825882e56c425a4406709d208377d924399849fced9a8dfbf3bdd86fd0e26e08dcf8d11dda489ad6761

              Download Submit

            • \Users\Admin\AppData\Local\Temp\opeBA0C.exe
              Filesize

              240KB

              MD5

              9e5229806d18c0ce9c173e9494904abc

              SHA1

              4fc944302e06e8825327647821cd4440cd0f5719

              SHA256

              e655969a8e6e9c4f699ab9cd6ac6daf073a5491e44501d1f5e0c491972af4381

              SHA512

              0cb572a818408e9518100464595d4ce755b0e81d1c152fa884b645e0a72af4660cdbb035275167a61c9da6cf0122506e2ae3aad8f4ac008caffe4940ac608bd7

              Download Submit

            • memory/1736-19-0x00000000026E0000-0x000000000278D000-memory.dmp

              Filesize

              692KB

              Download

            • memory/1736-11-0x0000000000400000-0x00000000004A7A0C-memory.dmp

              Filesize

              670KB

              Download

            • memory/1736-9-0x00000000026E0000-0x000000000278D000-memory.dmp

              Filesize

              692KB

              Download

            • memory/1736-13-0x00000000026E0000-0x000000000278D000-memory.dmp

              Filesize

              692KB

              Download

            • memory/1736-0-0x0000000000400000-0x00000000004A7A0C-memory.dmp

              Filesize

              670KB

              Download

            • memory/1748-21-0x0000000000400000-0x00000000004AD000-memory.dmp

              Filesize

              692KB

              Download

            • memory/1748-22-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1748-24-0x0000000000400000-0x00000000004AD000-memory.dmp

              Filesize

              692KB

              Download

            • memory/1748-25-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2908-12-0x0000000000400000-0x00000000004AD000-memory.dmp

              Filesize

              692KB

              Download

            • memory/2908-14-0x0000000000300000-0x0000000000301000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2908-18-0x0000000000400000-0x00000000004AD000-memory.dmp

              Filesize

              692KB

              Download