Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-01-2024 03:08

General

  • Target

    3fbc6d5db55638e3259b2f11f718fc8d.exe

  • Size

    235KB

  • MD5

    3fbc6d5db55638e3259b2f11f718fc8d

  • SHA1

    9e6b383e3c61422ace98a4e969eb29f9a65f0718

  • SHA256

    e9de74aaf4b6a46b1b4b58d82addadb6fde86d38c113926c81cc314ab0158658

  • SHA512

    f19d887f530cc89dfa40163af537a43f914aa99794bedac80910ffae010d8d231854b248ebf78e9db0b614b8cd211491152ef0a088faba07418b322759e0f7ab

  • SSDEEP

    6144:NRgym92YGB+40vPLGPASXGachomI69VaxYTf:/6fu+40vPuX819Vj7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fbc6d5db55638e3259b2f11f718fc8d.exe
    "C:\Users\Admin\AppData\Local\Temp\3fbc6d5db55638e3259b2f11f718fc8d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Users\Admin\AppData\Local\Temp\7zS8C7.tmp\winvnc.exe
      .\winvnc.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2904
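The process tree above is the behaviour behind the "Executes dropped EXE" and "Loads dropped DLL" signatures: the submitted sample (PID 1320) writes winvnc.exe into a directory under its own Temp folder and then starts it (PID 2904). The following is an added example, not code from the report or from the sandbox vendor, showing how a triage script can reproduce that verdict over Sysmon-style process-creation and file-write records. The records are constructed to mirror the tree above (the notepad.exe entry and its all-zero hash are invented filler); the hashes are the ones listed in this report; reading the `7zS8C7.tmp` directory as a 7-Zip self-extractor staging directory is the editor's inference, not something the report states.

```python
import re
from dataclasses import dataclass

# Hashes copied from the report (target and the two winvnc.exe drops).
TARGET_SHA256 = "e9de74aaf4b6a46b1b4b58d82addadb6fde86d38c113926c81cc314ab0158658"
DROPPED_SHA256 = {
    "d7a8b19d476c351b7f04b0582494b4153a2580d89af233d1f1db7ad46b9a947f",  # winvnc.exe, 240KB
    "195d93f595b20b5239325a396b280163fe6603ccf147eac33ae127d40fc3a4ec",  # winvnc.exe, 92KB
}
KNOWN_BAD = {TARGET_SHA256} | DROPPED_SHA256

# %TEMP%\7zS<hex>.tmp\ is the staging directory a 7-Zip SFX stub extracts into
# before launching its payload (editor's inference from the path in the report).
SFX_TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\7zS[0-9A-Fa-f]+\.tmp\\", re.I)


@dataclass(frozen=True)
class ProcCreate:  # one process-creation record (Sysmon EID 1 style)
    pid: int
    ppid: int
    image: str
    sha256: str


@dataclass(frozen=True)
class FileCreate:  # one file-write record (Sysmon EID 11 style)
    pid: int
    path: str


def find_dropped_exe_execs(procs, files):
    """Return [(pid, image, reasons)] for processes that look like executed drops."""
    by_pid = {p.pid: p for p in procs}
    # Which process wrote which path; last writer wins, which is enough for triage.
    writer_of = {f.path.lower(): f.pid for f in files}
    alerts = []
    for p in procs:
        reasons = []
        # "Executes dropped EXE": the image on disk was written by the parent.
        if writer_of.get(p.image.lower()) == p.ppid and p.ppid in by_pid:
            reasons.append("parent wrote this image before executing it")
        if SFX_TEMP_DIR.search(p.image):
            reasons.append("image runs from a 7zS*.tmp extraction directory")
        if p.sha256.lower() in KNOWN_BAD:
            reasons.append("sha256 matches a hash in the report")
        if reasons:
            alerts.append((p.pid, p.image, reasons))
    return alerts


# Constructed sample telemetry mirroring the report's process tree, plus one
# benign process so the rules have something to ignore.
SAMPLE_PROCS = [
    ProcCreate(1320, 1000,
               r"C:\Users\Admin\AppData\Local\Temp\3fbc6d5db55638e3259b2f11f718fc8d.exe",
               TARGET_SHA256),
    ProcCreate(2904, 1320,
               r"C:\Users\Admin\AppData\Local\Temp\7zS8C7.tmp\winvnc.exe",
               "d7a8b19d476c351b7f04b0582494b4153a2580d89af233d1f1db7ad46b9a947f"),
    ProcCreate(3100, 1000, r"C:\Windows\System32\notepad.exe", "0" * 64),  # constructed filler
]
SAMPLE_FILES = [
    FileCreate(1320, r"C:\Users\Admin\AppData\Local\Temp\7zS8C7.tmp\winvnc.exe"),
]

if __name__ == "__main__":
    for pid, image, reasons in find_dropped_exe_execs(SAMPLE_PROCS, SAMPLE_FILES):
        print(pid, image)
        for r in reasons:
            print("   -", r)
```

Run against the sample records, PID 1320 fires only on its hash, while PID 2904 fires on all three rules; the path and parent-wrote-child rules still catch the drop if the payload is rebuilt with a different hash, which is why the hash list is the weakest of the three.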

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\7zS8C7.tmp\winvnc.exe

    Filesize

    240KB

    MD5

    b4c64a5fda48e9c4ff91d7e7d93ddf5b

    SHA1

    264dc61352a26ca136d8206ee40b58824a63ade7

    SHA256

    d7a8b19d476c351b7f04b0582494b4153a2580d89af233d1f1db7ad46b9a947f

    SHA512

    6e39c5432b064cfe190d14fe7bfc4b1ccfc3008bd18b1b98c10bcd666724a6a00650250055eea082ff5bc0007024dd0cc131aa109ed606952492f051e25f8c63

  • \Users\Admin\AppData\Local\Temp\7zS8C7.tmp\winvnc.exe

    Filesize

    92KB

    MD5

    e93695695150f03cbca1f8a2f072cc20

    SHA1

    0be1a74b0b80f1f3d6818b0566c32025dabaad08

    SHA256

    195d93f595b20b5239325a396b280163fe6603ccf147eac33ae127d40fc3a4ec

    SHA512

    e33d01e4f5a14e9a3fe01534664230c709a01af3dc275c7aecc3b64444fe8f44d4e9b8b349c3619bd3e336e87d3c3bddbd34d91a66f90c797acb599fe4da883e