Overview

overview

7

Static

static

3

438404e918...9e.exe

windows7-x64

7

438404e918...9e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2024 11:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    438404e918c05eff548c55fe1c84de9e.exe

  • Size

    1.8MB

  • MD5

    438404e918c05eff548c55fe1c84de9e

  • SHA1

    1f7b5c11a8f96bacfff53c1354352bf935174baf

  • SHA256

    4cf9e97cd8f69a04fc15a5972ac5ed3750f5805a971d4d8609219146753f757c

  • SHA512

    2b9b7d86f68ad88d6414001dccf3f3c70af7b1058f3e2c9639a3369829378535418f526e2755d6ef1ee865d486f92f22f7ec951f31d0ceb506cedf53f1e4efcc

  • SSDEEP

    24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRW9ZKGDfHHELmmo:dqgazxcGYN139lnk30roDfE9tyAy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\qq\cusjksrvbmll.exe
    "C:\Program Files (x86)\qq\cusjksrvbmll.exe"
    1⤵
    • Executes dropped EXE
    PID:3056
  • C:\Users\Admin\AppData\Local\Temp\438404e918c05eff548c55fe1c84de9e.exe
    "C:\Users\Admin\AppData\Local\Temp\438404e918c05eff548c55fe1c84de9e.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\qq\cusjksrvbmll.exe
    Filesize

    896KB

    MD5

    f4a548c73bd2551571179e4a20528db1

    SHA1

    4543ad85b64cf96f53480854ff92bf242f344c0d

    SHA256

    d6f0ca1e1f1e6b24be20c6dea13f6ba11dc3bd7d02d03fe445875e004d95326c

    SHA512

    88d603574854f2bd4433a59fd9bae5e1725e616ef18ec04043084f0b32931173202552c02ff19f5dbe5a8aa0ba3dc91ef5a0f0259ed876f312fe71716056d7df

    Download Submit

  • \Program Files (x86)\qq\cusjksrvbmll.exe
    Filesize

    1.1MB

    MD5

    59f222ae79ada0d085dc13bc12fa4c91

    SHA1

    a0ad7e4a8ee149395c340ac4ad23cdc9fee71595

    SHA256

    c0921bdbf5a04c44c95dabd796f7563519c34c4f704c430e464e7e3f2a87f95c

    SHA512

    be241720e9d4fc511fbe19429b540351bb6fc5b767e1ce98d24328379f0d7937e229a7f8035dd4dc9b1177a1f438556248381202339853baf7495d2076325b2f

    Download Submit

  • memory/3012-5-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/3056-6-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download