Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
25-01-2024 16:00
Static task
static1
Behavioral task
behavioral1
Sample
74eb2f2296203d16e8c89bcb8c851af1.exe
Resource
win7-20231215-en
General
-
Target
74eb2f2296203d16e8c89bcb8c851af1.exe
-
Size
1.9MB
-
MD5
74eb2f2296203d16e8c89bcb8c851af1
-
SHA1
4928221fab39131cafd862f8887a9a603c970938
-
SHA256
975d5da5cfc98e13ce4ee32e45366f3cb2409add17890a83fc957457e9777509
-
SHA512
9368fda0f64692f639ee121cb8f85b0c17da4b7635bb033c4a24e9504a2ac083a69b1754f08c37471d2c78e8d5dad5b05e6865ac5b3bda1d01b667f5d80d1898
-
SSDEEP
24576:N2oo60HPdt+1CRiY2eOBvcj3u10dmtcixMWZ5MVfIM1q2TF2MlCi5gAJ2ZkfxBDo:Qoa1taC070doM0vM42T10ez72W0l7AE3
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes:
3FED.tmp: pid 1548, process 3FED.tmp -
Executes dropped EXE 1 IoCs
Processes:
3FED.tmp: pid 1548, process 3FED.tmp -
Loads dropped DLL 1 IoCs
Processes:
74eb2f2296203d16e8c89bcb8c851af1.exe: pid 1632, process 74eb2f2296203d16e8c89bcb8c851af1.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
74eb2f2296203d16e8c89bcb8c851af1.exe (description / pid / process / target process):
PID 1632 wrote to memory of 1548 / 1632 / 74eb2f2296203d16e8c89bcb8c851af1.exe / 3FED.tmp
PID 1632 wrote to memory of 1548 / 1632 / 74eb2f2296203d16e8c89bcb8c851af1.exe / 3FED.tmp
PID 1632 wrote to memory of 1548 / 1632 / 74eb2f2296203d16e8c89bcb8c851af1.exe / 3FED.tmp
PID 1632 wrote to memory of 1548 / 1632 / 74eb2f2296203d16e8c89bcb8c851af1.exe / 3FED.tmp
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\74eb2f2296203d16e8c89bcb8c851af1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\74eb2f2296203d16e8c89bcb8c851af1.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID:1632 -
   2. C:\Users\Admin\AppData\Local\Temp\3FED.tmp (child of PID 1632)
      Command line: "C:\Users\Admin\AppData\Local\Temp\3FED.tmp" --splash C:\Users\Admin\AppData\Local\Temp\74eb2f2296203d16e8c89bcb8c851af1.exe 1F1A8A3628CD3B483EE640624895149DF20E943C9227222E136E206AC052014002072BCEE8A5E964425D406D7DE5DC352B3B3613989D32CC8D0F81591335D4B9
      - Deletes itself
      - Executes dropped EXE
      PID:1548
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\3FED.tmp
Filesize 1.9MB
MD5 c7a30581ec4e52d47b9b4a3d0fc2e421
SHA1 69c22d7df1ec250acd617d978cea49953f7d7ce3
SHA256 d4f8cdb5a470ad394f6d2c03e2f6b7b2d999a153ff2b12aec18adb4a315711d8
SHA512 dc07b03960667cb982c852cb449eebeeebafbc51ce06d54ca89326a493a35b9a8ea0b53efebe12ff60a0eee91b91266c4bcf531c9998da5702599d6a7cf6f0ef
-
memory/1548-6-0x0000000000400000-0x00000000005E6000-memory.dmp
Filesize 1.9MB
-
memory/1632-0-0x0000000000400000-0x00000000005E6000-memory.dmp
Filesize 1.9MB