Analysis

  • max time kernel
    0s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64  arch:x86  image:win7-20231129-en  locale:en-us  os:windows7-x64  system
  • submitted
    05/01/2024, 07:25

General

  • Target

    4319d3e2bf6089e2a65a118b52eb48f4.exe

  • Size

    48KB

  • MD5

    4319d3e2bf6089e2a65a118b52eb48f4

  • SHA1

    cdb8e31fcf14f8d1bd8125c3ae8d84bc62ab3936

  • SHA256

    03a405903cdf8988375d01b24789dbf7ae6bd5d9a027026d4247aedfe26b3720

  • SHA512

    fb46cea80af5009d0f9ae95b80244449b44f97359b4459c0144ca1404772c197a5447c45b500816994c8ae5d0f38e3d94001e3d4cdd6f5bfb65ade27b40ba3c0

  • SSDEEP

    768:nYfoKSs711PsED3VK2+ZtyOjgO4r9vFAg2rqwdmCcaJB:nAYTjipvF2nS4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\foxupdater.exe
    "C:\Users\Admin\AppData\Local\Temp\foxupdater.exe"
    1⤵
    • Executes dropped EXE
    PID:2516
  • C:\Users\Admin\AppData\Local\Temp\4319d3e2bf6089e2a65a118b52eb48f4.exe
    "C:\Users\Admin\AppData\Local\Temp\4319d3e2bf6089e2a65a118b52eb48f4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1368
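The process tree above, as an added example that is not part of the sandbox report: a small correlator over constructed file-write and execution telemetry that reproduces the "Executes dropped EXE" and "Loads dropped DLL" verdicts attached to PIDs 2516 and 1368. The PIDs, the foxupdater.exe path (including its drive-less spelling) come from the report; the event record layout, the launcher PID 1000 and the DLL name helper.dll are assumptions, since the report states that a dropped DLL was loaded but does not name it.

```python
"""Reproduce the report's "Executes dropped EXE" / "Loads dropped DLL" verdicts
by correlating file writes with later executions in the same trace.

Added example, not part of the sandbox report. The event records are
constructed to mirror the report's process tree (PID 1368 drops and starts
foxupdater.exe as PID 2516); the record layout, launcher PID 1000 and the
DLL name helper.dll are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
import ntpath


@dataclass
class Event:
    seq: int                 # position in the trace; correlation is order-sensitive
    kind: str                # "file_write" | "process_create" | "image_load"
    pid: int                 # process that wrote the file, was started, or loaded the module
    path: str                # file written, image started, or module loaded
    ppid: int | None = None  # parent PID, meaningful for process_create only


def norm(path: str) -> str:
    """Canonical key for a Windows path: NTFS is case-insensitive, and the
    report lists the same dropped file both as C:\\Users\\... and \\Users\\...,
    so the drive letter is stripped as well."""
    _drive, rest = ntpath.splitdrive(ntpath.normpath(path).lower())
    return rest


def find_dropped_executions(events: list[Event]) -> list[dict]:
    """One finding per process start or module load of a path that an earlier
    event in the trace wrote. A write that happens only after the execution is
    not a finding: the verdict is "dropped, then run", not merely "touched"."""
    written: dict[str, tuple[int, int]] = {}   # path key -> (writer pid, seq)
    findings = []
    for ev in sorted(events, key=lambda e: e.seq):
        key = norm(ev.path)
        if ev.kind == "file_write":
            written.setdefault(key, (ev.pid, ev.seq))   # remember the first writer
        elif ev.kind in ("process_create", "image_load") and key in written:
            writer_pid, write_seq = written[key]
            is_exec = ev.kind == "process_create"
            findings.append({
                "signature": "Executes dropped EXE" if is_exec else "Loads dropped DLL",
                "path": ev.path,
                "dropped_by": writer_pid,
                "write_seq": write_seq,
                "executed_by": ev.ppid if is_exec else ev.pid,  # who caused the execution
                "new_pid": ev.pid if is_exec else None,
                "exec_seq": ev.seq,
            })
    return findings


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\4319d3e2bf6089e2a65a118b52eb48f4.exe"

# Constructed trace modelled on the report's Processes section.
TRACE = [
    Event(1, "process_create", 1368, SAMPLE, ppid=1000),                            # 1000: assumed sandbox launcher
    Event(2, "file_write", 1368, r"\Users\Admin\AppData\Local\Temp\foxupdater.exe"),  # drive-less form, as in the report
    Event(3, "process_create", 2516, TEMP + r"\foxupdater.exe", ppid=1368),        # the dropped EXE is started
    Event(4, "file_write", 1368, TEMP + r"\helper.dll"),                           # hypothetical name; report omits it
    Event(5, "image_load", 1368, TEMP + r"\HELPER.DLL"),                           # case differs from the write
    Event(6, "process_create", 2700, r"C:\Windows\System32\conhost.exe", ppid=2516),  # control: never written in the trace
]

if __name__ == "__main__":
    for f in find_dropped_executions(TRACE):
        print(f"{f['signature']}: {f['path']} dropped by PID {f['dropped_by']}, "
              f"executed by PID {f['executed_by']}")
```

Run against TRACE this yields exactly the two verdicts the report shows: foxupdater.exe dropped by 1368 and started as 2516, and a module dropped and loaded by 1368. The control process at seq 6 is not reported because nothing in the trace wrote its image.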

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    (CryptnetUrlCache\Content entries are written by the Windows CryptoAPI network-retrieval cache during certificate, CRL and OCSP fetches. Treat the two entries below as OS-side artifacts of the run, distinct from the sample's own dropped file foxupdater.exe.)

    Filesize

    24KB

    MD5

    c505f1830c524dcd2d5c267da5d3e378

    SHA1

    816f7330f089612d911e95a99285e3cff23f3d27

    SHA256

    7a447ba9e782a36481f089fe499daa0c1f448584993917726a78c2bc92fb7bdc

    SHA512

    09e006a53bef95aba7cb7575e346518e1115a005488ed87b88206d94db4b6e22f2b4a168effb7f59d5e048f260f1833c589f74cdddf420566336e1cd15411564

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\Local\Temp\Tar24D4.tmp

    Filesize

    4KB

    MD5

    28bd1fabc38b2587ef4041b11fd3ac6a

    SHA1

    803700f6b2b89a5c06356569908ca1af23067638

    SHA256

    702574ea4240fda88dcb09864ac9f82e6f44ef06ada0c2274af239ceccb2688d

    SHA512

    c2a83813727ab6dac249f0ce0ed86daef3644e4ab0daabbe0d90186c37d8420b59e3888ed2a9841a8f8c1a7c2238d53bb89f3f40c8d607d817590807f3ac71f3

  • \Users\Admin\AppData\Local\Temp\foxupdater.exe

    Filesize

    9KB

    MD5

    e71551d47ab22fe3ce9fd55ce153f28d

    SHA1

    c64811b47a40cc476d77adbab6f8f8d12e9e8764

    SHA256

    f414b10a3d68f187c54ae86fa22e22490da8296c3153a419d2ef65eaad363f0d

    SHA512

    3bbe07fd16e86ca5681f90c2abd0743102196feb88ce6d544e90d05a0204e1f367bb9ea36004431c3812a73b764d124463301cdfcd76c1897da046ce6ac708b8

  • memory/1368-1-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

  • memory/2516-8-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB
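The hashes listed in the General and Downloads sections, as an added example that is not part of the sandbox report: a directory sweep that hashes each file once and reports which listed indicator it matches and on which algorithms. The indicator table is copied from the report (the sample and foxupdater.exe); the scan root is whatever the caller passes, and the empty-input digests used in the checks are standard constants, not report data.

```python
"""Sweep a directory tree for files matching the hashes this report lists.

Added example, not part of the sandbox report. INDICATORS is copied from the
report's General (the sample) and Downloads (foxupdater.exe) sections; the
directory to scan is an argument supplied by the caller.
"""
import hashlib
import io
import os
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# indicator name -> {algorithm: hex digest}, exactly as printed in the report
INDICATORS = {
    "4319d3e2bf6089e2a65a118b52eb48f4.exe": {
        "md5": "4319d3e2bf6089e2a65a118b52eb48f4",
        "sha1": "cdb8e31fcf14f8d1bd8125c3ae8d84bc62ab3936",
        "sha256": "03a405903cdf8988375d01b24789dbf7ae6bd5d9a027026d4247aedfe26b3720",
        "sha512": "fb46cea80af5009d0f9ae95b80244449b44f97359b4459c0144ca1404772c197"
                  "a5447c45b500816994c8ae5d0f38e3d94001e3d4cdd6f5bfb65ade27b40ba3c0",
    },
    "foxupdater.exe": {
        "md5": "e71551d47ab22fe3ce9fd55ce153f28d",
        "sha1": "c64811b47a40cc476d77adbab6f8f8d12e9e8764",
        "sha256": "f414b10a3d68f187c54ae86fa22e22490da8296c3153a419d2ef65eaad363f0d",
        "sha512": "3bbe07fd16e86ca5681f90c2abd0743102196feb88ce6d544e90d05a0204e1f3"
                  "67bb9ea36004431c3812a73b764d124463301cdfcd76c1897da046ce6ac708b8",
    },
}


def digests(stream, chunk_size=1 << 16):
    """Hash a binary stream once, feeding every algorithm from the same read,
    so a large file is not re-read once per hash."""
    hashers = {a: hashlib.new(a) for a in ALGORITHMS}
    while True:
        buf = stream.read(chunk_size)
        if not buf:
            break
        for h in hashers.values():
            h.update(buf)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digests_of_bytes(data: bytes):
    """Convenience wrapper for in-memory content (captured buffers, test data)."""
    return digests(io.BytesIO(data))


def lookup(d):
    """Indicators whose digests agree with d, with the algorithms that matched.
    A hit on only the weak algorithms (MD5/SHA-1 but not SHA-256) means a
    different file with a colliding digest, which deserves its own alert."""
    hits = []
    for name, known in INDICATORS.items():
        matched = [a for a in ALGORITHMS if known[a] == d[a]]
        if matched:
            hits.append((name, matched))
    return hits


def sweep(root):
    """Map path -> lookup() hits for every readable file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                with open(p, "rb") as f:
                    hits = lookup(digests(f))
            except OSError:
                continue  # unreadable, or removed between listing and open
            if hits:
                findings[p] = hits
    return findings


if __name__ == "__main__":
    for path, hits in sweep(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for name, algos in hits:
            print(f"{path}: matches {name} on {', '.join(algos)}")
```

Usage: `python sweep.py C:\Users\Admin\AppData\Local\Temp` prints one line per matching file. Keeping all four algorithms in the table lets the sweep distinguish a true copy of the sample (all four agree) from a file that merely shares its MD5.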