Overview

overview

7

Static

static

3

8edd5e3c36...16.exe

windows7-x64

7

8edd5e3c36...16.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 10:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8edd5e3c36a717941d8bde22cd27b416.exe

  • Size

    390KB

  • MD5

    8edd5e3c36a717941d8bde22cd27b416

  • SHA1

    5623f81fcf3e9b988e1fa03282f87cc04d618e09

  • SHA256

    60a8436668f546e7cc173b257fb5a01c72335f5c97bcd620ef9104d993202622

  • SHA512

    573672be7e9bc56f99d6740fd5a43b473d0e99d6c2da97c46a13f254fb22c5e0e3a576e12979648568fcb156f8a1a0407b196c6878acf8cae248660be61a8ede

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2A8UkiKemcXz:7zXKqa8SEijjC+378HOmcD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8edd5e3c36a717941d8bde22cd27b416.exe
    "C:\Users\Admin\AppData\Local\Temp\8edd5e3c36a717941d8bde22cd27b416.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Program Files (x86)\rvfo\rhlzoo.exe
      "C:\Program Files (x86)\rvfo\rhlzoo.exe"
      2⤵
      • Executes dropped EXE
      PID:1120

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Program Files (x86)\rvfo\rhlzoo.exe
          Filesize

          400KB

          MD5

          98b7a8f7c6a900336ebbb48abb7d799e

          SHA1

          d406c77a685ae77641d3b9804877405655334d1a

          SHA256

          1f430fcd1408c55af8356ae04414b4a505649d71b71f5f9adf66bae34b1d84a3

          SHA512

          8d957f1129cae65b1f9c37d8a6394373bc749aefd33c763c5309a044bd81ef08509215c6b6d90b61c99493d552cca47f981c8723f4c3dbd7f19f7be823599330

          Download Submit

        • memory/1120-9-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/1120-10-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2288-0-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2288-2-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2288-5-0x0000000001E30000-0x0000000001EC4000-memory.dmp

          Filesize

          592KB

          Download