Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    12-01-2024 07:54

General

  • Target

    55e68941cb7c78cae70cab05387ac4b5.exe

  • Size

    1.1MB

  • MD5

    55e68941cb7c78cae70cab05387ac4b5

  • SHA1

    179be50acffbdd248fddfa9b9b1642989148a5eb

  • SHA256

    e826cee1d8595fba0d3f9e1b5052678bf29a07e3d9361887942bec2b45de55e7

  • SHA512

    1120f834a9c58e7a2c71d5138e77519010dbbe9281b7902bda27895fcdcd09f235f84f8e6d865588d028185a1682d2eee426f1038a452cedba93b0138cb65d4e

  • SSDEEP

    24576:Y3VI6/lanm1Zcy0e79Ja7UN04V+QMuqCZlP4FQKQC:Y3O6dWmTN79Ja7oTzrkH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55e68941cb7c78cae70cab05387ac4b5.exe
    "C:\Users\Admin\AppData\Local\Temp\55e68941cb7c78cae70cab05387ac4b5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3040
    • \??\c:\1a72fd70638877efd466fb\update\update.exe
      c:\1a72fd70638877efd466fb\update\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      PID:1780

Network

MITRE ATT&CK Matrix

Downloads

  • C:\1a72fd70638877efd466fb\update\update.exe

    Filesize

    331KB

    MD5

    139de0385ce83eba9dd0079affeb32db

    SHA1

    57ad14cdfe4aaf8d4bf03b397ab977fb48e9c78d

    SHA256

    703c301cb8be893a455cddaae8b28f030d1a5b29f8ce7c61d5d90e11efb21446

    SHA512

    70e3f5b79f05a1247621c71d0953c6d0bbacf3b1fefe855f0fb00f069d418e925caf7b99f4d20bb452b3ae23bb8eaab78c6f7cd5603bc72b59c3521a1af560b9

  • \1a72fd70638877efd466fb\update\update.exe

    Filesize

    724KB

    MD5

    b9fa27bea6b6fb59cd79aa46e58f9176

    SHA1

    fe65b899ed5a8c095a7e6a996e48fab5097482a0

    SHA256

    12f4bcba366c909145ade38924aacc11bc12d8696c37bb05567055fab81c70ef

    SHA512

    45f7152ba7b878b470048be07eae9e4e9daf8bcba8a2ad989b2aa9479ee1e38c335ae98387d687fc57ffb015c9530798bbb2f80e04f90defe7404b0103085bb7

  • \??\c:\1a72fd70638877efd466fb\update\UPDSPAPI.dll

    Filesize

    370KB

    MD5

    e7838da61860dab7a231074e9e854dfe

    SHA1

    ac23a0a3ba6ef35a36f655269819399f91e58d2b

    SHA256

    966b56a5618d10cfde641cc7b416b99ae173759eaeb3ac57c94d957dd22fa288

    SHA512

    4a8c7ff8518220f8dedb46d1272b9e27205d7725797c58c9099bae3a53746fb3790b5e68adc044ad85e1dfd64f5c16d98536d7827aa73e7197adff91e8c8d4c0

  • \??\c:\1a72fd70638877efd466fb\update\update.inf

    Filesize

    8KB

    MD5

    e67aa03235c90b62d78740eb05629d24

    SHA1

    849b5dcbdb367ab89b2cbfe855270e67a3f28422

    SHA256

    88ae109a55af9d9767e7d5ca9e704017b6e2cad5b3ca89fc93adc33c4fe137cd

    SHA512

    bf192923939720788a0aabbb6ecc9e4e0a014c22a39a803b7ee4f25ba4e63f440cd73cbefd3877d4b046f8c01e1b6fec48e7aa741d24ae349821b0f2c5922d3f