77aa68732e0486217b4063ca663c2a1b8c9b444e87a423c91d2b6be6992938cc | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 01:47

Sharing

Report Analysis Logs

General

Target

692f98dc8b4c469b4a7454ab7812a2bf.exe
Size

479KB
MD5

692f98dc8b4c469b4a7454ab7812a2bf
SHA1

112ad87993b35386b18d8e3e6134e426875ae522
SHA256

77aa68732e0486217b4063ca663c2a1b8c9b444e87a423c91d2b6be6992938cc
SHA512

d2c61e42928b6d71d1ad53b121250acccad8853f1151b9a1ca805096e7fa28d3569fc2cb6a2c9d62087a3e80f407138fcfe5f90c40acc7484a444cbee806f993
SSDEEP

12288:bO4rfItL8HASJ1039q1G9zN0mrqQ3wA75UO:bO4rQtGAy1039hiQ3pVUO

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2888	1F82.tmp

Executes dropped EXE 1 IoCs

pid	Process
2888	1F82.tmp

Loads dropped DLL 1 IoCs

pid	Process
3040	692f98dc8b4c469b4a7454ab7812a2bf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2888	3040	692f98dc8b4c469b4a7454ab7812a2bf.exe	28
PID 3040 wrote to memory of 2888	3040	692f98dc8b4c469b4a7454ab7812a2bf.exe	28
PID 3040 wrote to memory of 2888	3040	692f98dc8b4c469b4a7454ab7812a2bf.exe	28
PID 3040 wrote to memory of 2888	3040	692f98dc8b4c469b4a7454ab7812a2bf.exe	28

C:\Users\Admin\AppData\Local\Temp\692f98dc8b4c469b4a7454ab7812a2bf.exe
"C:\Users\Admin\AppData\Local\Temp\692f98dc8b4c469b4a7454ab7812a2bf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\1F82.tmp
  "C:\Users\Admin\AppData\Local\Temp\1F82.tmp" --helpC:\Users\Admin\AppData\Local\Temp\692f98dc8b4c469b4a7454ab7812a2bf.exe 073B0A6ACB4435843954D1777B46567690511E50D1770AD47AE42F79E0110D68A27BFC37941275335FB45AA6ABC45D0F7D361121E327E12F83504559DBB55F60
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1F82.tmp

Filesize
479KB

MD5
44e8b7e2d10b86bb6718fb56f3659510

SHA1
756a37b97783c906a2188fb93f285dda80430538

SHA256
d5b6b2f58de68e8aee16980b0422c183ee0a3f574fc1e101b6a5fc96a80edfa3

SHA512
48d6cb3931b4195be123132202dc056990d5847542252f0af30cf9d553ca72d41a1f6af88e85427a7e70f5e4583aa7e99c43095c82415eee6bfd2c6d002e28cb

Download Submit