Overview

overview

7

Static

static

3

8ef7024136...97.exe

windows7-x64

7

8ef7024136...97.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ef702413698c7431154916980814597.exe

  • Size

    204KB

  • MD5

    8ef702413698c7431154916980814597

  • SHA1

    487e6617f7ac8c0180f86e99c50b5e3c9dd533bd

  • SHA256

    5128803071317562fe8778a0edc1f5ddac7740996f1dc67408db6a8c4d0b2d27

  • SHA512

    67441d743e6f9c37d59e098fb7e439e5aa12ef51da5b2dbcd9e9b341fb6dd9fb6e5d54b103ad5b0602d4ce271402631a4e5cf31f38eb01f39e98d417b93255b0

  • SSDEEP

    3072:bEHuVcqMIrEM/3ruhHpPKeqv1l/fnv+8UMBZJrX5hFcC:bEHQcqMIb3ihHIeqtl/HHZvhFc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Intel\WMIC.exe
    C:\Intel\WMIC.exe
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    PID:2340
  • C:\Users\Admin\AppData\Local\Temp\8ef702413698c7431154916980814597.exe
    "C:\Users\Admin\AppData\Local\Temp\8ef702413698c7431154916980814597.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Intel\WMIC.exe
    Filesize

    204KB

    MD5

    3c6983edf8130b1d12c98517df6f0c08

    SHA1

    e6370c7770a55051e2d84a6b351e7e3efcd34e6d

    SHA256

    695a750df381d07ac56a596e5c383d23d5fd0747926858404f7274ccdf408fd3

    SHA512

    d32188c111d6fb7710136fe455ab73af3e7118de51688cc7a7e10a1ffbffa6055fbe4eeb94c2b6f78f05ae94bbb5c00a6482f09b789a38534936c919f06a9006

    Download Submit

  • C:\Intel\tmp-0.bin
    Filesize

    3KB

    MD5

    ed716e7d91d72cde335ea1903c72fa57

    SHA1

    7584e9bbb97073f26f6087474ccaf2e9bad75671

    SHA256

    5b500c27bbfe2a2d6fb63930e7ea2a77483036b1ec46222f855b445d628f2547

    SHA512

    8a403cc9dcf00ad951602aae9a3cfff37f5cbd4f84baf607177f2bd7321ac58b90b969472fb4b44ee0585db05b0ddd1b6628a2b0990e73c6de2fc3d24e9945cb

    Download Submit