Overview

overview

7

Static

static

3

a1e2834518...f9.exe

windows7-x64

7

a1e2834518...f9.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 12:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1e2834518d7dff40aff4f17c36d74f9.exe

  • Size

    94KB

  • MD5

    a1e2834518d7dff40aff4f17c36d74f9

  • SHA1

    f805c9da836a9f779e56845592a9ccb6f75d3308

  • SHA256

    cf107727905481beba3df46e29439ad01623ad008bebbf665c1a5ccd6d9b6c06

  • SHA512

    20370b883ce115633ebab914e536ba90ea3d4f213e06cb2d94aa7a3ec903c91e4e1a9dc910e55c51280cf355de45ba0ebd4ce97f23efc7f1539b330128ba22bf

  • SSDEEP

    1536:WMq5CUQrCovkU99w6UC8f3NbuRhdHxFymPHqV1rUM2fR08aU+Mj9:kCUGhv26d8/NinNxFymCV1rUM2p0xU+y

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e2834518d7dff40aff4f17c36d74f9.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e2834518d7dff40aff4f17c36d74f9.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4924
    • C:\Program Files\Internet Explorer\iexplore.exe
      2⤵
        PID:5208
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
        2⤵
          PID:3380

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\Deleteme.bat
        Filesize

        184B

        MD5

        99952fe2a7921e1baa36bc1697a8e6c0

        SHA1

        5607dd1a10a771810c5e86fb73e9c26b61a0370e

        SHA256

        ea581861c3f9083a3d40c8174b8a46c45d1cfbd49cfaeb6e314bbeed6e0d63ac

        SHA512

        0127ffc14cf4f87ce3452234362f5f707222cc164cc0d6589c2c835a13a9dd14f08d0b7cbaceb13bd17c8b7f511a0c549da447f7c250bb5af0bdf6b623cf4145

        Download Submit

      • memory/4924-3-0x0000000000400000-0x000000000041D000-memory.dmp

        Filesize

        116KB

        Download