817cbb5e1db0539ce423dfcff4af5d8df767fabf6be1eaa19bb4c9b934e16cf9 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 01:07

Sharing

Report Analysis Logs

General

Target

2e5fb7e20986f97303d1bae3ff1862b7.exe
Size

468KB
MD5

2e5fb7e20986f97303d1bae3ff1862b7
SHA1

21f3c9f47a48118dd90aeaf15939b8956d6c122e
SHA256

817cbb5e1db0539ce423dfcff4af5d8df767fabf6be1eaa19bb4c9b934e16cf9
SHA512

023072facdf239bef888341adabe467443d2fcdbd87bce6b9ecc85b40105f3c56f1fb66ce0c978a8cd0bb51772160ee23793e5ff707af2cc313c1bed4b9bba87
SSDEEP

12288:qO4rfItL8HGpC0KDAhy0pvI4F7bWmeEVGL:qO4rQtGGpC0KMhxIAumeEVGL

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1888	118E.tmp

Executes dropped EXE 1 IoCs

pid	Process
1888	118E.tmp

Loads dropped DLL 1 IoCs

pid	Process
840	2e5fb7e20986f97303d1bae3ff1862b7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1888	840	2e5fb7e20986f97303d1bae3ff1862b7.exe	28
PID 840 wrote to memory of 1888	840	2e5fb7e20986f97303d1bae3ff1862b7.exe	28
PID 840 wrote to memory of 1888	840	2e5fb7e20986f97303d1bae3ff1862b7.exe	28
PID 840 wrote to memory of 1888	840	2e5fb7e20986f97303d1bae3ff1862b7.exe	28

C:\Users\Admin\AppData\Local\Temp\2e5fb7e20986f97303d1bae3ff1862b7.exe
"C:\Users\Admin\AppData\Local\Temp\2e5fb7e20986f97303d1bae3ff1862b7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:840
- C:\Users\Admin\AppData\Local\Temp\118E.tmp
  "C:\Users\Admin\AppData\Local\Temp\118E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2e5fb7e20986f97303d1bae3ff1862b7.exe C7833E52AD617A50A20920CCC7EFB876E10CE25D1F7C21F5DE77A1842ECC488B0390094F8B6EADC5D0B352FA31DFBDC11E43A9FFCE14FD50DC6AFE8025AA7D5C
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\118E.tmp

Filesize
468KB

MD5
31f56e7c256b2d98f7944d83c36f0082

SHA1
a53f77bab3f911ae60626f202536defb236520d2

SHA256
bb66cdb4dc117e7aab831ac7c30adf314ec17e943144124236078770faa9b6cb

SHA512
ff5f3b4f3d0c852a4e74caae02aacf9c41ac1706697b8662fa307202efff31bd91809697303314a3ee8e99a718003508a44031e2c2e315554cce6f016c5c6ccc

Download Submit