6544118830e6ff6143dad5f2211b41497270f109232437512bb66626c8b96af0

Analysis

max time kernel
7s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bd2f6cdefbe68f19ca2c1ef51ef123b.exe
Size

366KB
MD5

7bd2f6cdefbe68f19ca2c1ef51ef123b
SHA1

5aaaea86e6c8c293a8b43608fe78c4cdf12d1fd8
SHA256

6544118830e6ff6143dad5f2211b41497270f109232437512bb66626c8b96af0
SHA512

e11859897660ce96314e4f6924c66db74693c4232f2a04b06aa386103297217ea84760b90fed455500581ae5c5bd26fe044d3453ea31bfdc497d8c60fc953100
SSDEEP

6144:Nd8tdJzSxgZkAy4zN7fJjBSAuoYxdbeomzVQUgSRBWSwvP6bQ7yMP+DE827NXN:N44ajyCfJN+oYxBez5QU1u6b7MP+Dd2H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2716	msebtis.exe
3036	mschpxk.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msebtis.exe	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe
File opened for modification	C:\Windows\SysWOW64\msebtis.exe	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe
File created	C:\Windows\SysWOW64\mschpxk.exe	msebtis.exe
File opened for modification	C:\Windows\SysWOW64\mschpxk.exe	msebtis.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	msebtis.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	msebtis.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	msebtis.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2716	2348	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe	87
PID 2348 wrote to memory of 2716	2348	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe	87
PID 2348 wrote to memory of 2716	2348	7bd2f6cdefbe68f19ca2c1ef51ef123b.exe	87
PID 2716 wrote to memory of 3036	2716	msebtis.exe	88
PID 2716 wrote to memory of 3036	2716	msebtis.exe	88
PID 2716 wrote to memory of 3036	2716	msebtis.exe	88

C:\Users\Admin\AppData\Local\Temp\7bd2f6cdefbe68f19ca2c1ef51ef123b.exe
"C:\Users\Admin\AppData\Local\Temp\7bd2f6cdefbe68f19ca2c1ef51ef123b.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\msebtis.exe
  C:\Windows\system32\msebtis.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Windows\SysWOW64\mschpxk.exe
    C:\Windows\system32\mschpxk.exe
    3⤵
    - Executes dropped EXE
    PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\msebtis.exe

Filesize
366KB

MD5
7bd2f6cdefbe68f19ca2c1ef51ef123b

SHA1
5aaaea86e6c8c293a8b43608fe78c4cdf12d1fd8

SHA256
6544118830e6ff6143dad5f2211b41497270f109232437512bb66626c8b96af0

SHA512
e11859897660ce96314e4f6924c66db74693c4232f2a04b06aa386103297217ea84760b90fed455500581ae5c5bd26fe044d3453ea31bfdc497d8c60fc953100

Download Submit
memory/2348-0-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2348-1-0x00000000021C0000-0x00000000021F0000-memory.dmp

Filesize
192KB

Download
memory/2348-2-0x00000000021F0000-0x00000000021F2000-memory.dmp

Filesize
8KB

Download
memory/2348-3-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2348-4-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/2348-5-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2348-6-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2348-7-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2348-8-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/2348-9-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/2348-10-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2348-11-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2348-12-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2348-13-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2348-14-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/2348-15-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/2348-16-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/2348-17-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2348-19-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2348-18-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/2348-20-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2348-21-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2348-22-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2348-23-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2348-25-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2348-24-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2348-26-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2348-27-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2348-28-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2348-29-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2348-30-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/2348-31-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2348-32-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2348-35-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2348-34-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2348-36-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2348-37-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2348-38-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2348-40-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2348-39-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/2348-41-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/2348-42-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/2348-43-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/2348-44-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/2348-45-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/2348-48-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2348-46-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2348-50-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/2348-49-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2348-51-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/2348-52-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/2348-53-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/2348-54-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/2348-55-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/2348-56-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/2348-62-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2716-60-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/2716-61-0x0000000000550000-0x0000000000580000-memory.dmp

Filesize
192KB

Download
memory/2716-64-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2716-66-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/2716-68-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2716-70-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2716-71-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2716-67-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads