Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/01/2024, 05:23

General

  • Target

    7c426569603ae6233a88e1373b32c712.exe

  • Size

    681KB

  • MD5

    7c426569603ae6233a88e1373b32c712

  • SHA1

    cdfa64de71be8321d17b9830d32a10fb03303246

  • SHA256

    b3ed550c77e934aef0e7c469e6d73b5aff2f5144d619fae0a038833bcb80ba53

  • SHA512

    e93eab3c1792ce55272676abaf54adac37b41a637314ce7c24378b5a3b973286331751da39738ddae3c6a8b5e5191a96d0a99d7d5fd82b8cfc8596e807648795

  • SSDEEP

    12288:JSpANq/ZANcY5AcB/EN2MG/+vfPmueKD9pHnc5LrS4pzVA5bXzDXUhyslVYgaWaU:JSK4OKY5A08G/+vHmv4884pzIDzU0f5+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c426569603ae6233a88e1373b32c712.exe
    "C:\Users\Admin\AppData\Local\Temp\7c426569603ae6233a88e1373b32c712.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4892
    • \??\c:\734b57a4db99c4560c5a6932\update\update.exe
      c:\734b57a4db99c4560c5a6932\update\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4212

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\734b57a4db99c4560c5a6932\_sfx_.dll

          Filesize

          25KB

          MD5

          ee207e35aea4d5df41d90221e1b66efa

          SHA1

          757469cf9ad2f21f267bbe730560114fdf8a89a5

          SHA256

          cf64c95e9a2d02967efc22b00efb3736156b913a95231eb63c1df45d43475e64

          SHA512

          43e9f75725daa4f3428b2d9cee2c2cc8b2f2e991b8e58d72d2f429fbdfb614c86d172f03d3f9da98756bd4e245643d9a57c6efa422d6c60ad364a2322245542d

        • C:\734b57a4db99c4560c5a6932\update\update.exe

          Filesize

          737KB

          MD5

          0ff4e4e0dd01e7872d9c2013560fd4a7

          SHA1

          f6a3aa7d551c99c3e9c00c9592c2be1b1cf1a81a

          SHA256

          fadc30d8a636762c424ff4f49d528f22d59c46c20c24c5c4b73badb4deb5e8a1

          SHA512

          8e154e66b6949e93532052a15762db2cbcf9d8dbfce9ef18ae2adcfd126974240716220151d1e59347fb4f094da7ab31701b32d3fdc5726c2da098154319a0b6

        • C:\734b57a4db99c4560c5a6932\update\updspapi.dll

          Filesize

          373KB

          MD5

          8d13dfd9d7351b2da87ca237277b6cf3

          SHA1

          a9ef7f91183857ae6dba937f9f95282f6c590a9d

          SHA256

          dc2beb43cefa8840d3ac7d622079870f247f97a205a52cb4794b1d688c155463

          SHA512

          d11eee63de309e2b81a92fa9c72a11c1a587e4491214e1d45ad20cba3677ebf99bf98483bbc7f579d5f830e4ca7473d532abc1c6dd7c64ad455e0cd1bcc9a792

        • memory/4212-63-0x0000000000620000-0x000000000067E000-memory.dmp

          Filesize

          376KB
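An added Python helper, written for this page and not part of the sandbox report or its tooling: it parses the Downloads entries above into a hash-based IoC set, matches candidate files against the strongest digest the report lists for each entry, and decodes the memory-dump name so the address range can be checked against the stated Filesize. The excerpt embedded in the code is constructed from the values on this page (SHA512 lines omitted), and the function and class names are assumptions of the example.

```python
"""Hypothetical triage helper written for this page (not part of the sandbox
report): parse the report's Downloads entries into an IoC set, hash candidate
files against it, and sanity-check the memory-dump name against its size."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the report's own "Downloads" layout; the values are
# copied from the page above (SHA512 lines omitted for brevity).
REPORT_EXCERPT = """\
• C:\\734b57a4db99c4560c5a6932\\_sfx_.dll
  Filesize
  25KB
  MD5
  ee207e35aea4d5df41d90221e1b66efa
  SHA1
  757469cf9ad2f21f267bbe730560114fdf8a89a5
  SHA256
  cf64c95e9a2d02967efc22b00efb3736156b913a95231eb63c1df45d43475e64
• C:\\734b57a4db99c4560c5a6932\\update\\update.exe
  Filesize
  737KB
  MD5
  0ff4e4e0dd01e7872d9c2013560fd4a7
  SHA1
  f6a3aa7d551c99c3e9c00c9592c2be1b1cf1a81a
  SHA256
  fadc30d8a636762c424ff4f49d528f22d59c46c20c24c5c4b73badb4deb5e8a1
• memory/4212-63-0x0000000000620000-0x000000000067E000-memory.dmp
  Filesize
  376KB
"""

HASH_LABELS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
# Prefer the strongest digest the report gives us; MD5 and SHA1 are collision-prone.
STRENGTH_ORDER = ("sha512", "sha256", "sha1", "md5")


@dataclass
class Artifact:
    path: str
    size: str = ""
    hashes: Dict[str, str] = field(default_factory=dict)  # algorithm -> hex digest


def parse_downloads(text: str) -> List[Artifact]:
    """Each entry starts with a bullet line; label/value pairs follow on alternate lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    artifacts: List[Artifact] = []
    i = 0
    while i < len(lines):
        if lines[i].startswith("• "):
            artifacts.append(Artifact(path=lines[i][2:]))
            i += 1
            continue
        label, value = lines[i], lines[i + 1] if i + 1 < len(lines) else ""
        if artifacts:
            if label == "Filesize":
                artifacts[-1].size = value
            elif label in HASH_LABELS:
                artifacts[-1].hashes[HASH_LABELS[label]] = value.lower()
        i += 2
    return artifacts


def digests_of(data: bytes) -> Dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in STRENGTH_ORDER}


def match_artifact(data: bytes, artifacts: List[Artifact]) -> Optional[Artifact]:
    """Return the report entry whose strongest listed digest matches `data`, else None."""
    have = digests_of(data)
    for art in artifacts:
        for alg in STRENGTH_ORDER:
            if alg in art.hashes:
                if art.hashes[alg] == have[alg]:
                    return art
                break  # strongest digest disagrees: not this file
    return None


MEMDUMP_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def memdump_region(name: str) -> Optional[Tuple[int, int, int]]:
    """Decode 'memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp' into (pid, start, end)."""
    m = MEMDUMP_RE.match(name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def region_size_kb(name: str) -> Optional[int]:
    """Size of the dumped range in KiB, for comparison with the report's Filesize line."""
    region = memdump_region(name)
    return None if region is None else (region[2] - region[1]) // 1024


if __name__ == "__main__":
    iocs = parse_downloads(REPORT_EXCERPT)
    for art in iocs:
        print(art.path, art.size, art.hashes.get("sha256", ""))
    print(memdump_region(iocs[2].path), region_size_kb(iocs[2].path))
```

Matching on the strongest available digest matters here: the report lists MD5 and SHA1 alongside SHA256/SHA512, and two of the dropped-file entries share a well-known installer layout, so a weak-hash match alone should not be treated as an identification. The region decoder gives the same 376KB the report states for the PID 4212 dump, which is a cheap way to confirm the dump name was copied intact.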