Overview

overview

7

Static

static

3

4c87bfd3d7...51.exe

windows7-x64

7

4c87bfd3d7...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 21:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4c87bfd3d74b17003a31d2e230ca0951.exe

  • Size

    2.6MB

  • MD5

    4c87bfd3d74b17003a31d2e230ca0951

  • SHA1

    65a1d4c1e78d40c1357f4dd7bbe4f6d337553fb8

  • SHA256

    947d26e4995eda1c27797a3323c574f51b4671e8b57a5c1501c841ec2cac4c40

  • SHA512

    9e2810f35d6800919fed2f2671567079ad95e739cdc328922df05d00d796a3234472003d722776d20114b6588ae5bfa1d7380623e2c5aaa4ce0f738f4fbb1a28

  • SSDEEP

    49152:5aHGuPbQSFu3mvVEHmmSRUUq2SEI0APh2knzLjfbTO9g4FY:QH15FRv5mBUUR8kb28

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c87bfd3d74b17003a31d2e230ca0951.exe
    "C:\Users\Admin\AppData\Local\Temp\4c87bfd3d74b17003a31d2e230ca0951.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\is-0V7S9.tmp\4c87bfd3d74b17003a31d2e230ca0951.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0V7S9.tmp\4c87bfd3d74b17003a31d2e230ca0951.tmp" /SL5="$400E2,2501952,54272,C:\Users\Admin\AppData\Local\Temp\4c87bfd3d74b17003a31d2e230ca0951.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2708

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-0V7S9.tmp\4c87bfd3d74b17003a31d2e230ca0951.tmp
          Filesize

          15KB

          MD5

          35edbb50b09a49da8af6a6de28792b9f

          SHA1

          8ba48bdbe0453e0782e32256a171055f8ef264b6

          SHA256

          74f67eab733890178dc28c87dddd60d224a6782149fbad931a180b982d03c088

          SHA512

          67df6308f06314897effa86caee92ff8552715448f318a8afdce1184835901def0eca9258efa4d1689f94e0c749525073bb3362f1699525c0628de55fe182498

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-0V7S9.tmp\4c87bfd3d74b17003a31d2e230ca0951.tmp
          Filesize

          110KB

          MD5

          7534889aaf8b9e599a2ccd28aaabfc8c

          SHA1

          320a4d00aac52f570040235c135c2dccdc8a373e

          SHA256

          43b3b7b560b2d875fbded2f32b37f08c5c27a557405bd273163b6312c33591eb

          SHA512

          44086065949680a50318a4b0d89ec24974aafb3f4ab95c2c1abfc712324d68e316badfe5277c34372dc244f9fff36fb7328a53f043dab8fef6e5e5d7a05851f6

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-F5BNR.tmp\_isetup\_shfoldr.dll
          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-F5BNR.tmp\itdownload.dll
          Filesize

          200KB

          MD5

          d82a429efd885ca0f324dd92afb6b7b8

          SHA1

          86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

          SHA256

          b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

          SHA512

          5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

          Download Submit

        • memory/2080-0-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2080-38-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2080-2-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2708-27-0x0000000003950000-0x0000000003951000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-23-0x0000000003910000-0x0000000003911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-31-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-32-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-30-0x0000000003A90000-0x0000000003A91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-29-0x0000000003970000-0x0000000003971000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-28-0x0000000003960000-0x0000000003961000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-34-0x0000000003D10000-0x0000000003D11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-26-0x0000000003940000-0x0000000003941000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-25-0x0000000003930000-0x0000000003931000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-24-0x0000000003920000-0x0000000003921000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-33-0x0000000003D00000-0x0000000003D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-22-0x00000000008B0000-0x00000000008B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-21-0x00000000008A0000-0x00000000008A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-20-0x0000000000890000-0x0000000000891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-15-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-35-0x0000000003D60000-0x0000000003D61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-36-0x0000000003D70000-0x0000000003D71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-37-0x0000000003D80000-0x0000000003D81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-18-0x00000000002D0000-0x000000000030C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2708-39-0x0000000000400000-0x00000000004BC000-memory.dmp

          Filesize

          752KB

          Download

        • memory/2708-40-0x00000000002D0000-0x000000000030C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2708-41-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2708-47-0x00000000002D0000-0x000000000030C000-memory.dmp

          Filesize

          240KB

          Download