Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-02-2024 23:45

General

  • Target

    9079bcc9e9650d42f182945a85d17c54.exe

  • Size

    38KB

  • MD5

    9079bcc9e9650d42f182945a85d17c54

  • SHA1

    1f14f8f5e8acf05f04abdf586819e58e10fb98d8

  • SHA256

    17c46b997bd485679fe5e7f0794c295ea13cba22902dcde4409bdfacab19224c

  • SHA512

    5ce00316da6cfc597e963ad3e4ccc23b6d0e470233d9b661a9d87af840f398b71756fbf2332c9a075883e97651a0b178900202caf0355e5559226013636c3517

  • SSDEEP

    768:W/NSnas+vmeLswcpS1iqyPY1RNwFpVK51q1vujDUycYv:W/NSnivh1iqGi6eV7v

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1276
      • C:\Users\Admin\AppData\Local\Temp\9079bcc9e9650d42f182945a85d17c54.exe
        "C:\Users\Admin\AppData\Local\Temp\9079bcc9e9650d42f182945a85d17c54.exe"
        2⤵
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: RenamesItself
        • Suspicious use of WriteProcessMemory
        PID:2732

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/1276-0-0x0000000002D10000-0x0000000002D1E000-memory.dmp

      Filesize

      56KB