Overview

overview

10

Static

static

7

7519909800...99.exe

windows7-x64

7

7519909800...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7519909800d261e7a6c4e3e02b0f1799.exe

  • Size

    13KB

  • MD5

    7519909800d261e7a6c4e3e02b0f1799

  • SHA1

    87f6fee12beefc4ecf8d1adbd9d0281b5e087369

  • SHA256

    66ff1380b6da5e5997c23c0302019836237df45cd2dfe1f57a15ba566ae51680

  • SHA512

    0c72a951a0379ba0361643b56d9fbe981a41831e146387e8f2452277ba8b97692c5ab40e55d5513004a66dff1f209bdc0c56b6cc414f312dff70c91cbf69fa96

  • SSDEEP

    192:mrO3Nxh2Ts4VHs+xClc09HNGa9L2PpAxXwCMrpY7e8LqPZo5LdCfq1Rn6O3shC6:mrMuTsjmsLeAxXr6+e9Pfqbn1if

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7519909800d261e7a6c4e3e02b0f1799.exe
    "C:\Users\Admin\AppData\Local\Temp\7519909800d261e7a6c4e3e02b0f1799.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\a.vbs"
      2⤵
      • Deletes itself
      PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\a.vbs
    Filesize

    1KB

    MD5

    8aa2a3ec169445fa757f9ef1518c4dc3

    SHA1

    495bdd81e7f070f0a2637f1739e47c672d5afe9f

    SHA256

    3b6d3a8bf0be13f7802e084862404276deaa381298d5c8842b727bd72eb1d91f

    SHA512

    3bc33b254dc98f55663f34096004a4a69222219292110e91b5e78aeaa4ca2b55df856563d42f58904c3421c723725c0d3b62826862f07d9d58566f7877acc84b

    Download Submit

  • memory/3040-5-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download