Overview

overview

10

Static

static

3

74eb6ab375...91.exe

windows7-x64

7

74eb6ab375...91.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74eb6ab375801443f3493f973bdfcb91.exe

  • Size

    404KB

  • MD5

    74eb6ab375801443f3493f973bdfcb91

  • SHA1

    b6c9dbe98e61a7dd1e4c00c9d7643562928a85a1

  • SHA256

    0e85cb703779c76167f601356a9c5ae59a591cc106ecb125169934b94ea2fa3a

  • SHA512

    c0fa5e829b1bda2393f03007bef156fe501cb69f6d9190247bdb7085b0c34b46a2ab1aa77f4aa6114423e7710e12419bf51250544b99e7ae075b934ea265860c

  • SSDEEP

    6144:4jlYKRF/LReWAsUyawmHD2rXo3chzMI6YtgyoH9WFqXdH1:4jauDReW0jz3yv6YtgyWKqXD

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74eb6ab375801443f3493f973bdfcb91.exe
    "C:\Users\Admin\AppData\Local\Temp\74eb6ab375801443f3493f973bdfcb91.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\ProgramData\iwavj.exe
      "C:\ProgramData\iwavj.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    404KB

    MD5

    f4b07bfa08a02f8a640587f3dc4faa3d

    SHA1

    25c99aee85af3fc301957437e38811d517132bc0

    SHA256

    68e62cba8307dcbc9895f237aa132c7208ea19f04e45faee2cbeb6e2edc19bf3

    SHA512

    275219abd7468820659bb56d3b4f0e7014c03d8c3976ae06a4ab2f55b358de1151fdc89c8a6328b133f30029c9851e5493d9349a94041af4f04d6cb287abccbc

    Download Submit
  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit
  • \ProgramData\iwavj.exe
    Filesize

    267KB

    MD5

    d3c1493f93768dc9a751af894021ee1f

    SHA1

    a12639712c71692ba49fbc6a334cfbb3a79732df

    SHA256

    d7d79d4c3dff25a6636e6cd52715cf74cd75fa0c6354a2324c2fd43e7406166a

    SHA512

    bcd3ee722c4203c5240380765858db4f18d97276c0c9ab2cb5beb6d2f13d47d56b0c35eacfc259e587689901e6a3ca72a1f684925259ba0901664cae2d08e29b

    Download Submit
  • memory/2124-0-0x0000000000400000-0x0000000000474000-memory.dmp
    Filesize

    464KB

    Download
  • memory/2124-1-0x0000000000400000-0x0000000000474000-memory.dmp
    Filesize

    464KB

    Download
  • memory/2124-14-0x0000000000400000-0x0000000000474000-memory.dmp
    Filesize

    464KB

    Download
  • memory/2260-131-0x0000000000400000-0x0000000000448000-memory.dmp
    Filesize

    288KB

    Download