Overview

overview

7

Static

static

3

41f2fe6009...7f.exe

windows7-x64

7

41f2fe6009...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2024 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f2fe6009441804e7368bcc5f00d47f.exe

  • Size

    2.7MB

  • MD5

    41f2fe6009441804e7368bcc5f00d47f

  • SHA1

    d49ebb4ee7c2bf38030a0f23cc655380446b9c8c

  • SHA256

    f809dfd68b236e19503d5d1f28fe2e4ddf3fb1488dfcd352e8f9ed8ef21e2bc4

  • SHA512

    0bef96bb9c30bd75bd8acefa64c44b6f9d51f90b14c74950baf4bdf9d04425ae647ba7e5d49e957eb210bdee6d883922846e5f5281c71ccb898e07d18c102b32

  • SSDEEP

    49152:5awRLbpEtTYMWegQpQukSVrtoI2etch+ocWurm+u/bQf0qPWoinXBgJ:QwZbpOT/KuvOI2wocLu/b5ZTRgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f2fe6009441804e7368bcc5f00d47f.exe
    "C:\Users\Admin\AppData\Local\Temp\41f2fe6009441804e7368bcc5f00d47f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Admin\AppData\Local\Temp\is-1V61T.tmp\41f2fe6009441804e7368bcc5f00d47f.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1V61T.tmp\41f2fe6009441804e7368bcc5f00d47f.tmp" /SL5="$5014C,2392013,54272,C:\Users\Admin\AppData\Local\Temp\41f2fe6009441804e7368bcc5f00d47f.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-H5E5N.tmp\Games.inf
    Filesize

    217B

    MD5

    52e122b34d0acfb487ad2f654c1d7e80

    SHA1

    3990f9e7aac8d6c35ecc8a18e7afd317acbe0ea3

    SHA256

    040780e0bc1c5d32064e2f311b769473af298ac53bee0b2397c694d4f6b7465e

    SHA512

    c0b29f91c7260fa6c7f33e40a0e0a0eeef94fdadda8d3a765f3bec1ea27ec325cd6196306c3b554957dab6bc8df53f148e55256780c153668cb03cceb4b89430

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-H5E5N.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-H5E5N.tmp\isxdl.dll
    Filesize

    49KB

    MD5

    02ecc74f7f91e9ffd84de708683236a6

    SHA1

    3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

    SHA256

    30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

    SHA512

    a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

    Download Submit

  • memory/1904-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1904-39-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1904-42-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1928-1-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1928-38-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download