Overview

overview

7

Static

static

3

57cf9f8f97...b2.exe

windows7-x64

7

57cf9f8f97...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/01/2024, 03:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    57cf9f8f973ff9ef8b722b45b8c60db2.exe

  • Size

    76KB

  • MD5

    57cf9f8f973ff9ef8b722b45b8c60db2

  • SHA1

    0dd593a2bcd25127ed3600ab3b8bf5d2aa36b971

  • SHA256

    34e1162151589c11d175412c8d84666b781a66f4b9690b71574348824df5a18b

  • SHA512

    44a089f2c5a59774306415ba8db98669c00dd777a54ea0a94053d0b32326f221e6a65bea53b5c78400e0e8477c30fe382256d4e6c3901e750284f2f55e2f282c

  • SSDEEP

    1536:IZTRuvQhDQnx15j6x+MTVqc+8f/NntAcqRSEaWEBL/:IRYvQhkv5VMTVq78NntLEaWEZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 20 IoCs
  • Drops file in System32 directory 22 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57cf9f8f973ff9ef8b722b45b8c60db2.exe
    "C:\Users\Admin\AppData\Local\Temp\57cf9f8f973ff9ef8b722b45b8c60db2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\DllServ.exe
      C:\Windows\system32\DllServ.exe 540 "C:\Users\Admin\AppData\Local\Temp\57cf9f8f973ff9ef8b722b45b8c60db2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\SysWOW64\DllServ.exe
        C:\Windows\system32\DllServ.exe 524 "C:\Windows\SysWOW64\DllServ.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:2924
        • C:\Windows\SysWOW64\DllServ.exe
          C:\Windows\system32\DllServ.exe 528 "C:\Windows\SysWOW64\DllServ.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:564
          • C:\Windows\SysWOW64\DllServ.exe
            C:\Windows\system32\DllServ.exe 532 "C:\Windows\SysWOW64\DllServ.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious use of WriteProcessMemory
            PID:1128
            • C:\Windows\SysWOW64\DllServ.exe
              C:\Windows\system32\DllServ.exe 516 "C:\Windows\SysWOW64\DllServ.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious use of WriteProcessMemory
              PID:2060
              • C:\Windows\SysWOW64\DllServ.exe
                C:\Windows\system32\DllServ.exe 544 "C:\Windows\SysWOW64\DllServ.exe"
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in System32 directory
                • Suspicious use of WriteProcessMemory
                PID:1916
                • C:\Windows\SysWOW64\DllServ.exe
                  C:\Windows\system32\DllServ.exe 548 "C:\Windows\SysWOW64\DllServ.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • Suspicious use of WriteProcessMemory
                  PID:2912
                  • C:\Windows\SysWOW64\DllServ.exe
                    C:\Windows\system32\DllServ.exe 552 "C:\Windows\SysWOW64\DllServ.exe"
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of WriteProcessMemory
                    PID:1588
                    • C:\Windows\SysWOW64\DllServ.exe
                      C:\Windows\system32\DllServ.exe 560 "C:\Windows\SysWOW64\DllServ.exe"
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • Suspicious use of WriteProcessMemory
                      PID:2372
                      • C:\Windows\SysWOW64\DllServ.exe
                        C:\Windows\system32\DllServ.exe 564 "C:\Windows\SysWOW64\DllServ.exe"
                        11⤵
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        PID:1928

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\DllServ.exe
          Filesize

          76KB

          MD5

          57cf9f8f973ff9ef8b722b45b8c60db2

          SHA1

          0dd593a2bcd25127ed3600ab3b8bf5d2aa36b971

          SHA256

          34e1162151589c11d175412c8d84666b781a66f4b9690b71574348824df5a18b

          SHA512

          44a089f2c5a59774306415ba8db98669c00dd777a54ea0a94053d0b32326f221e6a65bea53b5c78400e0e8477c30fe382256d4e6c3901e750284f2f55e2f282c

          Download Submit

        • memory/564-29-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/564-23-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1128-28-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1128-35-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1128-32-0x00000000027B0000-0x0000000002829000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1588-52-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1588-47-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1916-43-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1928-56-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2060-34-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2060-39-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2360-14-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2360-0-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2360-11-0x0000000002580000-0x00000000025F9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2372-57-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2732-19-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2732-12-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2912-48-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2924-24-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2924-18-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download