Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12-01-2024 07:54
Static task: static1
Behavioral task: behavioral1
  Sample: 55e68941cb7c78cae70cab05387ac4b5.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 55e68941cb7c78cae70cab05387ac4b5.exe
  Resource: win10v2004-20231222-en
General
Target: 55e68941cb7c78cae70cab05387ac4b5.exe
Size: 1.1MB
MD5: 55e68941cb7c78cae70cab05387ac4b5
SHA1: 179be50acffbdd248fddfa9b9b1642989148a5eb
SHA256: e826cee1d8595fba0d3f9e1b5052678bf29a07e3d9361887942bec2b45de55e7
SHA512: 1120f834a9c58e7a2c71d5138e77519010dbbe9281b7902bda27895fcdcd09f235f84f8e6d865588d028185a1682d2eee426f1038a452cedba93b0138cb65d4e
SSDEEP: 24576:Y3VI6/lanm1Zcy0e79Ja7UN04V+QMuqCZlP4FQKQC:Y3O6dWmTN79Ja7oTzrkH
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  1780  update.exe

Loads dropped DLL (5 IoCs)
  pid   Process
  3040  55e68941cb7c78cae70cab05387ac4b5.exe
  1780  update.exe
  1780  update.exe
  1780  update.exe
  1780  update.exe

Drops file in Windows directory (2 IoCs)
  description                   ioc                           Process
  File opened for modification  C:\Windows\setupapi.log       update.exe
  File opened for modification  \??\c:\windows\KB892130.log   update.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process                                procid_target
  PID 3040 wrote to memory of 1780   3040  55e68941cb7c78cae70cab05387ac4b5.exe   28
  (the same row is recorded seven times; PID 1780 is the update.exe child that PID 3040 spawned, see Processes)
Processes

Level 1: C:\Users\Admin\AppData\Local\Temp\55e68941cb7c78cae70cab05387ac4b5.exe  (PID 3040)
  command line: "C:\Users\Admin\AppData\Local\Temp\55e68941cb7c78cae70cab05387ac4b5.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

  Level 2 (child of PID 3040): \??\c:\1a72fd70638877efd466fb\update\update.exe  (PID 1780)
    command line: c:\1a72fd70638877efd466fb\update\update.exe
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
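Triage for the two sections above, as an added example (this is the editor's own script, not the sandbox's code). It transcribes the process tree and the WriteProcessMemory rows from this report, then labels each writer/target pair: a parent writing into the child it has just created is what CreateProcess does on Windows (it writes the new process's parameters into the child), so the seven identical rows here are the expected shape for a dropper that launches what it extracted, whereas a write into a process the writer did not spawn is the shape of injection. The last row of the sample input (PID 4444) is constructed and is not in the report; it exists only to exercise the second branch. The path heuristic encodes an assumption: a hex-named directory at the drive root holding update\update.exe is the layout of older Microsoft self-extracting update packages, so the match is a prompt to check the signer, not a verdict.

```python
import re
from collections import Counter

# Process tree transcribed from the Processes section: pid -> (parent pid, image path).
PROCESSES = {
    3040: (None, r"C:\Users\Admin\AppData\Local\Temp\55e68941cb7c78cae70cab05387ac4b5.exe"),
    1780: (3040, r"c:\1a72fd70638877efd466fb\update\update.exe"),
}

# Signature rows as they appear in the report (seven identical rows), plus one
# CONSTRUCTED row at the end that is not in the report: a write into PID 4444,
# which the tree never spawned, so the "unrelated-target" branch is exercised.
WPM_ROWS = """\
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 3040 wrote to memory of 1780 3040 55e68941cb7c78cae70cab05387ac4b5.exe 28
PID 1780 wrote to memory of 4444 1780 update.exe 31
"""

# Row layout: "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>"
ROW_RE = re.compile(
    r"^PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)$"
)


def parse_rows(text):
    """Return (writer_pid, target_pid, image) for every 'wrote to memory of' row."""
    writes = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            writes.append((int(m["writer"]), int(m["target"]), m["image"]))
    return writes


def classify(writes, processes):
    """Group writes by (writer, target) and label each pair.

    parent-to-child: the writer is the target's direct parent in the tree. CreateProcess
      writes into the child it creates, so this is expected for a dropper that simply
      launches what it extracted.
    unrelated-target: the target is not a child of the writer, or is absent from the
      tree altogether; that is the shape of cross-process injection and needs a closer look.
    """
    counts = Counter((w, t) for w, t, _ in writes)
    out = {}
    for (writer, target), n in counts.items():
        parent = processes.get(target, (None, None))[0]
        verdict = "parent-to-child" if parent == writer else "unrelated-target"
        out[(writer, target)] = {"count": n, "verdict": verdict}
    return out


# Assumed heuristic (see lead-in): <drive>:\<16-32 hex chars>\update\update.exe.
HOTFIX_LAYOUT_RE = re.compile(r"^[a-z]:\\[0-9a-f]{16,32}\\update\\update\.exe$", re.IGNORECASE)


def looks_like_hotfix_extract(path):
    """True when the dropped EXE sits in the self-extracting-update layout; a hint, not a verdict."""
    return HOTFIX_LAYOUT_RE.match(path) is not None


if __name__ == "__main__":
    for (w, t), info in classify(parse_rows(WPM_ROWS), PROCESSES).items():
        print(f"{w} -> {t}: {info['count']} write(s), {info['verdict']}")
    for pid, (_, image) in PROCESSES.items():
        if looks_like_hotfix_extract(image):
            print(f"pid {pid}: {image} matches the hotfix self-extractor layout")
```

Run against the report's own rows the script reports the 3040 -> 1780 pair as parent-to-child with a count of seven; only the constructed 1780 -> 4444 row is flagged. The `procid_target` column is the sandbox's internal process index for the target, not a PID, which is why the parser ignores it and joins on the PIDs inside the description text.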
-
Network
MITRE ATT&CK Matrix
Downloads

File 1
  Filesize: 331KB
  MD5: 139de0385ce83eba9dd0079affeb32db
  SHA1: 57ad14cdfe4aaf8d4bf03b397ab977fb48e9c78d
  SHA256: 703c301cb8be893a455cddaae8b28f030d1a5b29f8ce7c61d5d90e11efb21446
  SHA512: 70e3f5b79f05a1247621c71d0953c6d0bbacf3b1fefe855f0fb00f069d418e925caf7b99f4d20bb452b3ae23bb8eaab78c6f7cd5603bc72b59c3521a1af560b9

File 2
  Filesize: 724KB
  MD5: b9fa27bea6b6fb59cd79aa46e58f9176
  SHA1: fe65b899ed5a8c095a7e6a996e48fab5097482a0
  SHA256: 12f4bcba366c909145ade38924aacc11bc12d8696c37bb05567055fab81c70ef
  SHA512: 45f7152ba7b878b470048be07eae9e4e9daf8bcba8a2ad989b2aa9479ee1e38c335ae98387d687fc57ffb015c9530798bbb2f80e04f90defe7404b0103085bb7

File 3
  Filesize: 370KB
  MD5: e7838da61860dab7a231074e9e854dfe
  SHA1: ac23a0a3ba6ef35a36f655269819399f91e58d2b
  SHA256: 966b56a5618d10cfde641cc7b416b99ae173759eaeb3ac57c94d957dd22fa288
  SHA512: 4a8c7ff8518220f8dedb46d1272b9e27205d7725797c58c9099bae3a53746fb3790b5e68adc044ad85e1dfd64f5c16d98536d7827aa73e7197adff91e8c8d4c0

File 4
  Filesize: 8KB
  MD5: e67aa03235c90b62d78740eb05629d24
  SHA1: 849b5dcbdb367ab89b2cbfe855270e67a3f28422
  SHA256: 88ae109a55af9d9767e7d5ca9e704017b6e2cad5b3ca89fc93adc33c4fe137cd
  SHA512: bf192923939720788a0aabbb6ecc9e4e0a014c22a39a803b7ee4f25ba4e63f440cd73cbefd3877d4b046f8c01e1b6fec48e7aa741d24ae349821b0f2c5922d3f