Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
25/02/2024, 07:21
General
-
Target
a332b26f255b3c8a13cd6bd8f67f4387.exe
-
Size
189KB
-
MD5
a332b26f255b3c8a13cd6bd8f67f4387
-
SHA1
f724929f98313ca3271c6a653f4aeb3b68ec4a43
-
SHA256
cb820e8cb5134272cb4c849682b2728fb40e09d6ac914274e361a5c1be851e82
-
SHA512
18cb03a4e646c45dedd6713b5ecea0c723d008ae984c9f360aa54a8816c0d8586b180b661c695a3e6d9eaf9d530a97a6816a2cf5177a07e4a49524cc8806718c
-
SSDEEP
3072:9BgW+dUEGvfZ3d/NSDs0/rx7uGm9wr8xblwuY4pWSHUtULXPo31nSKn:9B2tGvl4b/x+CuY4dUtULfo31
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a332b26f255b3c8a13cd6bd8f67f4387.exe"C:\Users\Admin\AppData\Local\Temp\a332b26f255b3c8a13cd6bd8f67f4387.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\nodkrn23.exeC:\Windows\nodkrn23.exe 512 "C:\Users\Admin\AppData\Local\Temp\a332b26f255b3c8a13cd6bd8f67f4387.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
189KB
MD5a332b26f255b3c8a13cd6bd8f67f4387
SHA1f724929f98313ca3271c6a653f4aeb3b68ec4a43
SHA256cb820e8cb5134272cb4c849682b2728fb40e09d6ac914274e361a5c1be851e82
SHA51218cb03a4e646c45dedd6713b5ecea0c723d008ae984c9f360aa54a8816c0d8586b180b661c695a3e6d9eaf9d530a97a6816a2cf5177a07e4a49524cc8806718c