Overview

overview

5

Static

static

3

7eb55ce554...ea.exe

windows7-x64

5

7eb55ce554...ea.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 03:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7eb55ce5541d5644f5b196fdaa5d85ea.exe

  • Size

    108KB

  • MD5

    7eb55ce5541d5644f5b196fdaa5d85ea

  • SHA1

    ff3b9ff9985c4778a2985fea07baad279addb9f9

  • SHA256

    7dbb69a30ef7a162987f2b873dde49b3688f58c553ebac71b1fa56cef7e91bbc

  • SHA512

    4b7f6360f08f0ef69727e5eccbbbff4e7c0c068847663c28fcf6dfcf936ec9d9bb860fa01adbfe49e778dc9ca71b984fa49882e1b73cd7835ad16b88483a16ae

  • SSDEEP

    1536:9Pr3T/bnDvLXzff7HjPrvLX/bn3K1OOafXaPrgbnDvLXzf7HjPr3T/bnDvLXzTB8:kOtfqcgf3rmYggectV8a1NhPEi

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7eb55ce5541d5644f5b196fdaa5d85ea.exe
    "C:\Users\Admin\AppData\Local\Temp\7eb55ce5541d5644f5b196fdaa5d85ea.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\Deletedll.bat
      2⤵
        PID:536

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\~05.tmp
      Filesize

      10KB

      MD5

      1b041b89de8730ce73a81ca00bd4396f

      SHA1

      7a987eec8d58bb26d30ab48b3a81c78f89410cdc

      SHA256

      5b9109d0adf77e886f40f3f28ab12caa4253ec2ad79b886eaca45a88fee98225

      SHA512

      247e6614f1c81ae11e111fe6b8f6f3acb415253bb5a4e13cf9700effc020a32c7d4148eb86cc77cf492175427edc12d20e1ec919e5134fd777fe7d7085d6a940

      Download Submit

    • C:\Windows\SysWOW64\Deletedll.bat
      Filesize

      126B

      MD5

      0f8f2f64a66d442e2116dd1231abec6e

      SHA1

      cc40ebef9dab1f3599baced05ff3207d9fe8ff1b

      SHA256

      e77534b78cd9579610449efc1a9770bfac458202ffaabdaa6dde1453a353df4d

      SHA512

      76cd5a6320dc08ff4b23741731da18ff55f9eb412185297d50753a2426985c37a17fdc1b5f82ba9485421cb5eac01da615a303c43cf6e56c9af4c17db6bde76e

      Download Submit

    • memory/2100-5-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2100-20-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download