Overview

overview

10

Static

static

3

74f7db9c69...19.exe

windows7-x64

7

74f7db9c69...19.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74f7db9c6976a33b3b2411d8a37b0619.exe

  • Size

    506KB

  • MD5

    74f7db9c6976a33b3b2411d8a37b0619

  • SHA1

    d15504292e54bb4c3e5837635210eb60754ff6c0

  • SHA256

    efd85583ad5df1e4033da39a713f3348e500a64c3fef9ba527d41858ad83eb85

  • SHA512

    d399604ed8c52d90b2e9dde58e0ac83a8cf1235880a33d3bfd2668f1613050965e2941bd7f0f66e4829a93c3464898a6c658588a9f04b50405b1fb228d635bd9

  • SSDEEP

    12288:UXsyl/1WmGX62m6gjx28EWld2XGkkTMmCDNXchcPAocNuVpa1+o/g:Csy2jZpg2CBTTgiCAo4uVpfo/g

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74f7db9c6976a33b3b2411d8a37b0619.exe
    "C:\Users\Admin\AppData\Local\Temp\74f7db9c6976a33b3b2411d8a37b0619.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\74f7db9c6976a33b3b2411d8a37b0619.exe
      C:\Users\Admin\AppData\Local\Temp\74f7db9c6976a33b3b2411d8a37b0619.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\74f7db9c6976a33b3b2411d8a37b0619.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab1566.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar1579.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit
  • \Users\Admin\AppData\Local\Temp\74f7db9c6976a33b3b2411d8a37b0619.exe
    Filesize

    506KB

    MD5

    afdaf886e7d8c3609698a9a2d0324cb6

    SHA1

    18d2937aa3ed216a733e1b083d40c58030892e99

    SHA256

    cbbf43f9e344f23c5a81b17909221836eaa3a1fce4b5057277a4ef0bb854861b

    SHA512

    913e3efa59ab5c9c4908c6b623744efa04450b9e48393abe389bedb5b887a57a9941438983cfd61566895f860501d67fdb45dd927eb879821f2f85d9079de40b

    Download Submit
  • memory/1848-12-0x0000000001600000-0x0000000001683000-memory.dmp
    Filesize

    524KB

    Download
  • memory/1848-15-0x0000000000400000-0x000000000047E000-memory.dmp
    Filesize

    504KB

    Download
  • memory/1848-1-0x0000000000400000-0x000000000047E000-memory.dmp
    Filesize

    504KB

    Download
  • memory/1848-0-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/1848-2-0x0000000001490000-0x0000000001513000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2836-18-0x0000000000320000-0x00000000003A3000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2836-29-0x0000000002D30000-0x0000000002DAE000-memory.dmp
    Filesize

    504KB

    Download
  • memory/2836-24-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize

    364KB

    Download
  • memory/2836-21-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2836-65-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize

    364KB

    Download