Overview

overview

7

Static

static

3

50f94edabd...d7.exe

windows7-x64

7

50f94edabd...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 15:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    50f94edabd18ec56e6e2487bef0ed9d7.exe

  • Size

    823KB

  • MD5

    50f94edabd18ec56e6e2487bef0ed9d7

  • SHA1

    9fe3dfa8620b9a88894ed6a36e54bfa24f23d736

  • SHA256

    8510167127c417fe2f0024e48b3b964d629c19beef282a058c329e4766c30e2d

  • SHA512

    56af611a67aaa9d4246584502df46993164a551c06e3cb4237a719ea714dc07767066f870594dc7f94c85df448d060eb4795deef9592f022f264a52b9e69e968

  • SSDEEP

    24576:qKeyxTAJj7P+yW6mc1YgeZfZRZIiBqN2Qv4AdKO9m:qKeyRA0y9fWd/OiuQ/8m

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50f94edabd18ec56e6e2487bef0ed9d7.exe
    "C:\Users\Admin\AppData\Local\Temp\50f94edabd18ec56e6e2487bef0ed9d7.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\ybxaubiar\rrwpqy.exe
      "C:\Program Files (x86)\ybxaubiar\rrwpqy.exe"
      2⤵
      • Executes dropped EXE
      PID:3000

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\ybxaubiar\rrwpqy.exe
          Filesize

          839KB

          MD5

          7b9d54667264691f58fffe4fe5ea51d9

          SHA1

          9b214850b1bd2c5a93c2e732d969841a8525d82c

          SHA256

          37373865972e181aaffd325e06543e110f132a74d92fe2b1819975fd95f8b164

          SHA512

          57661bf325e48bf92c0929cd8ff5d4f4fa3e5fd203bd5d86684e2d09905c1b4fda477947103578d278ae59daaff53ad6c14bbb08811a81542bbbbf29313e08a0

          Download Submit

        • memory/2232-1-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2232-0-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2232-7-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2232-6-0x0000000000330000-0x00000000003C4000-memory.dmp

          Filesize

          592KB

          Download

        • memory/3000-10-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download