9ce9e7cae46c523373d54f11fa5b0377917845c6695b872abe90fcaac4f0a296 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 19:29

Sharing

Report Analysis Logs

General

Target

5750170d250324545c42ad33ed1eee38.exe
Size

58KB
MD5

5750170d250324545c42ad33ed1eee38
SHA1

779f82ba4b9d242fd584507c22392ab73c8412af
SHA256

9ce9e7cae46c523373d54f11fa5b0377917845c6695b872abe90fcaac4f0a296
SHA512

52854b010b375b2728d4a94d1c81cc9beea8ed8b4df5bbc052d40c34ecc3998565b4ba18edaad04d0dbf53fb866f4c2ce24a7b98fce6d5017206bb6532ed4cac
SSDEEP

768:2FOvFOGl/FFOsXbG/p0Gd3Yn5ZNy3lKGdy+/tT/awjV:ds62sLIGGd3+3Ny1JEmb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2108	WinRo

Loads dropped DLL 2 IoCs

pid	Process
3048	5750170d250324545c42ad33ed1eee38.exe
3048	5750170d250324545c42ad33ed1eee38.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WinRo	5750170d250324545c42ad33ed1eee38.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3048	5750170d250324545c42ad33ed1eee38.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2108	3048	5750170d250324545c42ad33ed1eee38.exe	28
PID 3048 wrote to memory of 2108	3048	5750170d250324545c42ad33ed1eee38.exe	28
PID 3048 wrote to memory of 2108	3048	5750170d250324545c42ad33ed1eee38.exe	28
PID 3048 wrote to memory of 2108	3048	5750170d250324545c42ad33ed1eee38.exe	28

C:\Users\Admin\AppData\Local\Temp\5750170d250324545c42ad33ed1eee38.exe
"C:\Users\Admin\AppData\Local\Temp\5750170d250324545c42ad33ed1eee38.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WinRo
  C:\Windows\system32\WinRo
  2⤵
  - Executes dropped EXE
  PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\WinRo

Filesize
38KB

MD5
a2f58a2e9930402da51d9e2c9cb46cc3

SHA1
5855df393cfa6e4d1cdff70813b78de4663ace7d

SHA256
7e96289ff4ac7d937ee65b66b6aa841bdf5cdf4c3aac7f7c492f75b42972b95c

SHA512
d79ea4e7be680d83669594b26a23254f00e3ae9b8c4d8c67579502ccbb53e057d50d850bfb54362e9882ab3161f1012e40cadc3bdd1f046a94a1af62089e63f6

Download Submit