Overview

overview

7

Static

static

3

7cc874e99d...90.exe

windows7-x64

7

7cc874e99d...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 09:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7cc874e99d99b4ec8f130770df496290.exe

  • Size

    11.8MB

  • MD5

    7cc874e99d99b4ec8f130770df496290

  • SHA1

    73cb339c898dfbf082d049f1728653490bac1ef5

  • SHA256

    8b0644a03290f67c0e294b31ae5e5dcdf4c189122be8565b2253294d4507f6a2

  • SHA512

    8e58e860ca32dcada1d75f37ec5644597fbcbf1fbb6b12f58f40ae24904a49b8806655662de96cccfc7dd978ed5391266f2fa98e099a568b4944cfe1c3325592

  • SSDEEP

    196608:l5TDere6nhJWtNElUj0rf40sIuc8m3rTP/QVIhh6XfPOsq1WPwF1kRU:l5Hei6yTwxs0+cjPPQI6qIC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cc874e99d99b4ec8f130770df496290.exe
    "C:\Users\Admin\AppData\Local\Temp\7cc874e99d99b4ec8f130770df496290.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\is-8USI6.tmp\7cc874e99d99b4ec8f130770df496290.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8USI6.tmp\7cc874e99d99b4ec8f130770df496290.tmp" /SL5="$4001C,12154717,56832,C:\Users\Admin\AppData\Local\Temp\7cc874e99d99b4ec8f130770df496290.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2372

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-2ANGH.tmp\_isetup\_shfoldr.dll
          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-8USI6.tmp\7cc874e99d99b4ec8f130770df496290.tmp
          Filesize

          691KB

          MD5

          9303156631ee2436db23827e27337be4

          SHA1

          018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

          SHA256

          bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

          SHA512

          9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

          Download Submit

        • memory/2148-0-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2148-2-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2148-15-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2372-10-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2372-16-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/2372-19-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download