c9fb7748b12c692347e65ec3a8c77315788226a6a8d1cab9bc958468e821b959

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/01/2024, 17:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6fddfc798857a4a568c2793ddf86f69e.exe
Size

15.6MB
MD5

6fddfc798857a4a568c2793ddf86f69e
SHA1

959e078af5f26a891fed16d33aca4531cb1761a6
SHA256

c9fb7748b12c692347e65ec3a8c77315788226a6a8d1cab9bc958468e821b959
SHA512

85b8ceb339b415d9c081a00bcf2bd1d421c9cc95922ca14e5317cf62760503148419d74d8af8b9586ee8ae1e2a85e498de64da3d0358e9af9e36d146be780aeb
SSDEEP

393216:dNPqL1Utojn4vM2XNeDt85ZxJbCFSQVKKvYh+gWVNxyZ:dE4eUZxJbCFSiYVWTxyZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2812	6fddfc798857a4a568c2793ddf86f69e.tmp

Loads dropped DLL 4 IoCs

pid	Process
2712	6fddfc798857a4a568c2793ddf86f69e.exe
2812	6fddfc798857a4a568c2793ddf86f69e.tmp
2812	6fddfc798857a4a568c2793ddf86f69e.tmp
2812	6fddfc798857a4a568c2793ddf86f69e.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2812	6fddfc798857a4a568c2793ddf86f69e.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28
PID 2712 wrote to memory of 2812	2712	6fddfc798857a4a568c2793ddf86f69e.exe	28

C:\Users\Admin\AppData\Local\Temp\6fddfc798857a4a568c2793ddf86f69e.exe
"C:\Users\Admin\AppData\Local\Temp\6fddfc798857a4a568c2793ddf86f69e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\is-5FB8F.tmp\6fddfc798857a4a568c2793ddf86f69e.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5FB8F.tmp\6fddfc798857a4a568c2793ddf86f69e.tmp" /SL5="$400E4,15976984,142336,C:\Users\Admin\AppData\Local\Temp\6fddfc798857a4a568c2793ddf86f69e.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-5FB8F.tmp\6fddfc798857a4a568c2793ddf86f69e.tmp

Filesize
448KB

MD5
0b1897010c63e6206a064857c0ffeed2

SHA1
50f642fd0dd8bf9d2eddab4ce6bddca9213b8fd0

SHA256
046eb5d9690835991ee73e47f2550d1d937e2f6a116d2841f04e32f5a4444abb

SHA512
c6922c9fa3ce19e93c5cc819f8208305f6f039ed33cc8fbbae907a4f42da658502d4866fec31663f29a3da14b348f4824b6372909e7f6992b5ec6c093e89d983

Download Submit
\Users\Admin\AppData\Local\Temp\is-5FB8F.tmp\6fddfc798857a4a568c2793ddf86f69e.tmp

Filesize
320KB

MD5
fa979a12b4dffbe6f8e599f57277355e

SHA1
7c49f1c9e9fe038f9a6b1eb82e317bb4e0d78b69

SHA256
b5938608c6c44ea715c394d0baf46485af7c061c5b814d9b286472915dafb654

SHA512
bb8d73ccce521f615ad80fa159d48730ed68b7acf5b37e9cd9746817ce45c5a807dcb410ec37eb89f511b29bc141d6191e1b6d805af221bc7187dd21cd2a3e7f

Download Submit
\Users\Admin\AppData\Local\Temp\is-GA7B7.tmp\VersionInfo.dll

Filesize
72KB

MD5
effdc5477f85810360339c4e4d3e4f50

SHA1
b138256d30b8a6374494a8c53f60befa6a6504fd

SHA256
22d3b5cdaf4f1369b035d1296d16cc262775bc1c54c7d266c2f1abff9a0c5959

SHA512
3d17c66855727d8de4a24119f8c6a1b616bea0d120795aa8cd1c8ca039dadc28ac96fbde2e222c64d24bd3c11f4ef051bd8a7f0b0989fbb470fd0e77fcc1107b

Download Submit
\Users\Admin\AppData\Local\Temp\is-GA7B7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/2712-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2712-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2812-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2812-19-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2812-22-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads