Overview

overview

7

Static

static

3

76bc047ad4...6f.exe

windows7-x64

7

76bc047ad4...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2024 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76bc047ad4ba6c2667ed9dfbfe5e0e6f.exe

  • Size

    594KB

  • MD5

    76bc047ad4ba6c2667ed9dfbfe5e0e6f

  • SHA1

    9f8f33b8032b3f532282ab1ca6310f781f4a641e

  • SHA256

    92a51390713465d6370c27575ede39dda9097144081eb0daf916fdfeb7ca1049

  • SHA512

    fc349c32c975c3b8445fc138646969c90ac14348bed88338327b648fbc0faa9465f797fa27ab431aae63d97c99cc589376da17e50c2006cb007715e55ac022e4

  • SSDEEP

    12288:Frp/OYD6GzozbigFc6kF3Z4mxx+laSsuEXAVDZoSD:FrF36EozbRc9QmX+ltsuEWWg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76bc047ad4ba6c2667ed9dfbfe5e0e6f.exe
    "C:\Users\Admin\AppData\Local\Temp\76bc047ad4ba6c2667ed9dfbfe5e0e6f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:2808
  • C:\Windows\G_Server1.23.exe
    C:\Windows\G_Server1.23.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Delete.bat
    Filesize

    186B

    MD5

    70c348f61937ff9790caefb8125741b7

    SHA1

    c13705f440ec8a6bb1091adecabe138995cc6e54

    SHA256

    ae83e3828532d71f7feb068dd8f06f0b643894feea3ab7b3253020d5158cb919

    SHA512

    01817fde9cd95814238b77e8404a6004681990f2e13d2c7a199abb2b595c514577bb0b6961079a71f1c4702abe2e68b13aac7e001b71dafa475669f4d6b0a119

    Download Submit

  • C:\Windows\G_Server1.23.exe
    Filesize

    594KB

    MD5

    76bc047ad4ba6c2667ed9dfbfe5e0e6f

    SHA1

    9f8f33b8032b3f532282ab1ca6310f781f4a641e

    SHA256

    92a51390713465d6370c27575ede39dda9097144081eb0daf916fdfeb7ca1049

    SHA512

    fc349c32c975c3b8445fc138646969c90ac14348bed88338327b648fbc0faa9465f797fa27ab431aae63d97c99cc589376da17e50c2006cb007715e55ac022e4

    Download Submit

  • memory/2636-16-0x00000000032D0000-0x00000000032D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-7-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-12-0x0000000003290000-0x0000000003294000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2636-21-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-10-0x0000000000530000-0x0000000000531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-9-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-8-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-20-0x00000000032B0000-0x00000000032B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-6-0x0000000000510000-0x0000000000511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-5-0x0000000000520000-0x0000000000521000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-4-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-2-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-14-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-3-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-0-0x0000000000400000-0x0000000000505000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2636-17-0x00000000032C0000-0x00000000032C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-11-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-13-0x0000000003390000-0x0000000003391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-15-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2636-1-0x0000000000380000-0x00000000003D4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2636-33-0x0000000000400000-0x0000000000505000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2636-35-0x0000000000380000-0x00000000003D4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2764-34-0x00000000031B0000-0x00000000031B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-36-0x00000000031A0000-0x00000000031A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-39-0x0000000000360000-0x00000000003B4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2764-40-0x0000000003200000-0x0000000003201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-38-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-37-0x0000000003190000-0x0000000003191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-32-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-23-0x0000000000400000-0x0000000000505000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2764-28-0x0000000003180000-0x0000000003181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-43-0x0000000000400000-0x0000000000505000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2764-45-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download