Overview

overview

7

Static

static

3

abf3e9c663...1a.exe

windows7-x64

7

abf3e9c663...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2024 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    abf3e9c66337d31799a60cb211d4811a.exe

  • Size

    280KB

  • MD5

    abf3e9c66337d31799a60cb211d4811a

  • SHA1

    a8b40ce2a175b5377d5d5830757886ce0325e0ed

  • SHA256

    118021742eb8f1beac97119265aae0a4e9da963e671733e8dfc64746f320f47c

  • SHA512

    b7fd834177c914f0a0d974f5c6dd5c4423a98aaa70f370fc0d32173cbb1e5e7916e6759edc88d0d852c6543f1057f051673ea64050704e9e7d49df0d0449091d

  • SSDEEP

    3072:SPCEEkfk5qasl5jcChjXdVZXI1jqQ7S2pCxCN6ja83Vt13GQAb5pnpvs:SaE/0qasl1hVDQ7SoNg13gbi

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 26 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\abf3e9c66337d31799a60cb211d4811a.exe
    "C:\Users\Admin\AppData\Local\Temp\abf3e9c66337d31799a60cb211d4811a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Delete.bat
      2⤵
      • Deletes itself
      PID:1632
  • C:\Windows\lassa.exe
    C:\Windows\lassa.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Delete.bat
    Filesize

    190B

    MD5

    aa9e3d10529fbd54043e5d1e6c53dc33

    SHA1

    71fafd22d0a8fa30650ce8d21ebade5f01a9a7e0

    SHA256

    614bdfdfad512f153b3695e1791a4848688e7fd70c1706a5b5f55bd47c5b2aa8

    SHA512

    ad50cea4b3c29d19c489cdc04cccb25b3aadc87df8b2e68ab0d5a4df2fbd73cd8cca956ebfe90a75c7ea24fc6081b75e2401429ea0d7e9efa6c62758432e672c

    Download Submit

  • C:\Windows\lassa.exe
    Filesize

    280KB

    MD5

    abf3e9c66337d31799a60cb211d4811a

    SHA1

    a8b40ce2a175b5377d5d5830757886ce0325e0ed

    SHA256

    118021742eb8f1beac97119265aae0a4e9da963e671733e8dfc64746f320f47c

    SHA512

    b7fd834177c914f0a0d974f5c6dd5c4423a98aaa70f370fc0d32173cbb1e5e7916e6759edc88d0d852c6543f1057f051673ea64050704e9e7d49df0d0449091d

    Download Submit

  • memory/2944-0-0x0000000000400000-0x0000000000439500-memory.dmp

    Filesize

    229KB

    Download

  • memory/2944-13-0x0000000000400000-0x0000000000439500-memory.dmp

    Filesize

    229KB

    Download

  • memory/2952-4-0x0000000000400000-0x0000000000439500-memory.dmp

    Filesize

    229KB

    Download

  • memory/2952-15-0x0000000000400000-0x0000000000439500-memory.dmp

    Filesize

    229KB

    Download

  • memory/2952-19-0x0000000000400000-0x0000000000439500-memory.dmp

    Filesize

    229KB

    Download

  • memory/2952-24-0x0000000000400000-0x0000000000439500-memory.dmp

    Filesize

    229KB

    Download