Overview

overview

7

Static

static

3

96678804a3...b8.exe

windows7-x64

7

96678804a3...b8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 05:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96678804a3e4e8f33683a6adcdc5c9b8.exe

  • Size

    67KB

  • MD5

    96678804a3e4e8f33683a6adcdc5c9b8

  • SHA1

    b2f82499db57e990fd106c956bf07cf65264d415

  • SHA256

    6fbbdfe4b8c6d7f06ec36f824c9af07fc853b7b355a3726e66c83bd673dd93c6

  • SHA512

    199dd3f19596747499692d0a3e785f6793549ce02935b7a7212e1a0c1d35b8c7aa2754a912044a96aecb29a4b8f5d9fe7ead615e99e4f09fa706cc6fe0ee83f1

  • SSDEEP

    1536:5OYV9aUjJucIQgu1vPIWE+b2SoJX1LNdAWNjtDTGUnqrsX:8URE+VoJX1LNdVVtOU6sX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96678804a3e4e8f33683a6adcdc5c9b8.exe
    "C:\Users\Admin\AppData\Local\Temp\96678804a3e4e8f33683a6adcdc5c9b8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Users\Admin\AppData\Local\Temp\murzuja.exe
      C:\Users\Admin\AppData\Local\Temp\murzuja.exe
      2⤵
      • Executes dropped EXE
      PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\murzuja.exe
    Filesize

    67KB

    MD5

    48efa47599ca95e3cd6d4b3c877d0dc3

    SHA1

    2a478290814bd3608f089043351953ecc0480a0e

    SHA256

    798635814b873567e04874a23135c85ae39c8d07f3498423b985d7c9bcd503e2

    SHA512

    1485fc5d455f6469eeb6e86af38e1b695d4f3f0a73978585ee224592dbffd9778a2816073e0cdc311982e10d42c8275cadc7c1c780a07a5f4d425daf132199ae

    Download Submit

  • memory/3012-6-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/5000-1-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/5000-4-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download