Overview

overview

7

Static

static

3

878bf88402...69.exe

windows7-x64

7

878bf88402...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 18:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    878bf88402de667eabaa0dee94268469.exe

  • Size

    1.1MB

  • MD5

    878bf88402de667eabaa0dee94268469

  • SHA1

    733db7eebd84724eeb91effeaf0f2429b1a1f70d

  • SHA256

    45c09a7e363ccce38df3b025bd337136eea1d4f7538b5deac26c569b9aa7b9f5

  • SHA512

    6cd23b610f950849fe8244831be0b423956739ca59062a5647e4caa55b6dba52fd95b6e2b2a3a5b0b74b9766b91655edf38ddfca21c7ce90aaca563e09050dbe

  • SSDEEP

    24576:qZEnv0hGq5WerQ/uNYwFGPbWxfYX4P33TCgT1hvLCH:0AchGq3rQ/uOwFGPbWxfzPV1hjU

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\878bf88402de667eabaa0dee94268469.exe
    "C:\Users\Admin\AppData\Local\Temp\878bf88402de667eabaa0dee94268469.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FACEBO~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\FACEBO~1.EXE
      2⤵
      • Executes dropped EXE
      PID:2996

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\IXP000.TMP\FACEBO~1.EXE
          Filesize

          1.3MB

          MD5

          75211415cd0ac077b248ed0c2751d178

          SHA1

          99ac1bf517000f0d168aaeba70cce653877199bc

          SHA256

          25b78be60510b88a38c3ab51ebddb47851cee9a565e768316f1c78db7100c9f5

          SHA512

          9110add43200a1b661b318d2ac115463e01439b9ca5a40ff8e7956039ab89885f404ee52b9ae7b8d3e27e069cb4475389f774cda11346faab7966b172ce84f31

          Download Submit

        • memory/2996-8-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2996-9-0x0000000000400000-0x0000000000560000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2996-11-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download