Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 16:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7502f91d4f123f4244451c3a0087e642.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7502f91d4f123f4244451c3a0087e642.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
3 signatures
150 seconds
General
Target: 7502f91d4f123f4244451c3a0087e642.exe
Size: 60KB
MD5: 7502f91d4f123f4244451c3a0087e642
SHA1: 5a4ac9867954551e4bfa9308eee8438fc14bf1ad
SHA256: 296f7eecb994ab8b677ff5c7ad9abb7039c800cf5860ac2945e044e236dabf27
SHA512: 5dd8e78cc64284b5762d8f0281862b220219b443f01cdc6fd4c92e26f073a1665bfc68b4cca7a1c5f598bd649a00e13e99094b0302ba22e5f773adca8105cf7b
SSDEEP: 768:uGMVESUM0SULlpzK3K1Sv1edURL6HL0x32ba/2sQDbNFAY0cMEMzh5:uGynUr33uoS0RrI3saOscAES5
Score
6/10
Malware Config
Signatures
Adds Run key to start application 2 TTPs 1 IoCs
Processes: 7502f91d4f123f4244451c3a0087e642.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Essentials = "C:\\Users\\Admin\\AppData\\Roaming\\javaw.exe" | 7502f91d4f123f4244451c3a0087e642.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: 7502f91d4f123f4244451c3a0087e642.exe
description | pid | process | target process
PID 2816 wrote to memory of 2880 | 2816 | 7502f91d4f123f4244451c3a0087e642.exe | svchost.exe
PID 2816 wrote to memory of 2880 | 2816 | 7502f91d4f123f4244451c3a0087e642.exe | svchost.exe
PID 2816 wrote to memory of 2880 | 2816 | 7502f91d4f123f4244451c3a0087e642.exe | svchost.exe