344474726c7328a60776ea9f2bdb1227b5aebb1906e898edde5745c2f32df209

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

736c6bb78b677b958bbcd861830209bf.exe
Size

321KB
MD5

736c6bb78b677b958bbcd861830209bf
SHA1

289b1f6e1350aad92601e9fcb4f2647ed2f83249
SHA256

344474726c7328a60776ea9f2bdb1227b5aebb1906e898edde5745c2f32df209
SHA512

dcca1fcccc75ed205c03729ebf9697722b3a86c5aed3251119246420e431a35c1452113b1f025afa503e36df15ff7acbeccc0ec765440b51aa024fa3e00881f3
SSDEEP

6144:s8qqo1hkVwWZfqTWyr44pZ8Yr73F9WRPEua5jDTA/XKaTIsLiX7+xEEaX7rY:dqq1//gqc7V9cPcxM/Xh0yO+i2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2788	BB73.tmp

Loads dropped DLL 3 IoCs

pid	Process
3032	736c6bb78b677b958bbcd861830209bf.exe
3032	736c6bb78b677b958bbcd861830209bf.exe
3032	736c6bb78b677b958bbcd861830209bf.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3032	736c6bb78b677b958bbcd861830209bf.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2788	3032	736c6bb78b677b958bbcd861830209bf.exe	28
PID 3032 wrote to memory of 2788	3032	736c6bb78b677b958bbcd861830209bf.exe	28
PID 3032 wrote to memory of 2788	3032	736c6bb78b677b958bbcd861830209bf.exe	28
PID 3032 wrote to memory of 2788	3032	736c6bb78b677b958bbcd861830209bf.exe	28
PID 3032 wrote to memory of 2776	3032	736c6bb78b677b958bbcd861830209bf.exe	29
PID 3032 wrote to memory of 2776	3032	736c6bb78b677b958bbcd861830209bf.exe	29
PID 3032 wrote to memory of 2776	3032	736c6bb78b677b958bbcd861830209bf.exe	29
PID 3032 wrote to memory of 2776	3032	736c6bb78b677b958bbcd861830209bf.exe	29

C:\Users\Admin\AppData\Local\Temp\736c6bb78b677b958bbcd861830209bf.exe
"C:\Users\Admin\AppData\Local\Temp\736c6bb78b677b958bbcd861830209bf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\BB73.tmp
  C:\Users\Admin\AppData\Local\Temp\BB73.tmp
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Users\Admin\AppData\Local\Temp\736c6bb78b677b958bbcd861830209bf.exe
  "C:\Users\Admin\AppData\Local\Temp\736c6bb78b677b958bbcd861830209bf.exe" --cp "C:\Users\Admin\AppData\Local\Temp\BB83.tmp"
  2⤵
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BB83.tmp

Filesize
321KB

MD5
cff9ad65ed39106c77b69abe28091658

SHA1
d678d08911ed95e2bb43da8c33f183e79c15c09b

SHA256
86dada2668f9f4ce3d371eac0d8ad379f8cdad84d82e25c207e1e5aa76e53862

SHA512
6c45d599b946780ec279570c3935b8c25288fc826ea9abaec69845558d4867ddaecd59a97a05b1f8551c8c5572ac5f2852f0142bc33fb2927c1e4583b204df1e

Download Submit
\Users\Admin\AppData\Local\Temp\BB73.tmp

Filesize
264KB

MD5
09c885f3b4cfa460a08547dc2fabb6e0

SHA1
9c0232acd4b8a4af6090c2b5430586cd4cae4d33

SHA256
37e95763ebfcee1e683f39a4c94bc4057954ed6a1cec4fbcb1d9fe6f40882140

SHA512
65121896ac5a5745c688d0c64f7930cdaf9f34b0367442b282333d531a9296c211e8af410a603db074b4ff41b42f8d8c06cc02a4685c3715a30bdcf41760c6b0

Download Submit
memory/2776-13-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2776-21-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2788-14-0x0000000000400000-0x00000000004422F8-memory.dmp

Filesize
264KB

Download
memory/2788-27-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2788-26-0x0000000000400000-0x00000000004422F8-memory.dmp

Filesize
264KB

Download
memory/3032-12-0x0000000000220000-0x000000000027A000-memory.dmp

Filesize
360KB

Download
memory/3032-10-0x0000000000220000-0x0000000000263000-memory.dmp

Filesize
268KB

Download
memory/3032-9-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3032-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3032-1-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3032-24-0x0000000000220000-0x000000000027A000-memory.dmp

Filesize
360KB

Download
memory/3032-36-0x0000000000220000-0x000000000027A000-memory.dmp

Filesize
360KB

Download
memory/3032-37-0x0000000000220000-0x000000000027A000-memory.dmp

Filesize
360KB

Download