Overview

overview

7

Static

static

3

89919b1220...e7.exe

windows7-x64

7

89919b1220...e7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 08:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    89919b12205105693956cd3d485ca4874e4e2eb0d32c5e85a465c4d80c215ce7.exe

  • Size

    1.2MB

  • MD5

    3b91e9c7a2d4444c4ac0ee34b501a327

  • SHA1

    8cfd32e2d5307ca85c335f63f7f84ef44a1be6f1

  • SHA256

    89919b12205105693956cd3d485ca4874e4e2eb0d32c5e85a465c4d80c215ce7

  • SHA512

    ec273f0518469f0c33d6a1ed449524721a799a6b8d1bcc8984fcbd3d7dc716f1c7380db57642c27a3ea2b22ec4e617d14517e9a86efb34884a2a5735daa59a6e

  • SSDEEP

    24576:uubsnafAPyjt/biEUCPzQ/KsLb6QAFlSNS59jPfmeKKGZYPb1e2UaJ:wI1biEUCE/lLb6QAeNTYoYPbcbaJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89919b12205105693956cd3d485ca4874e4e2eb0d32c5e85a465c4d80c215ce7.exe
    "C:\Users\Admin\AppData\Local\Temp\89919b12205105693956cd3d485ca4874e4e2eb0d32c5e85a465c4d80c215ce7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\net8.0-windows\CanTest.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\net8.0-windows\CanTest.exe" /CanTest.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2688

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\RarSFX0\net8.0-windows\CanTest.exe
          Filesize

          139KB

          MD5

          bad239f715b70ed9fa4909fd17923260

          SHA1

          5f6b24512bb4bc75a6e0c0c48fb607c610eade28

          SHA256

          b97397073b0eac8a9e69f63ba24dade61be9a06ee6abf28f291000ef9bbaa59d

          SHA512

          12e3e5a0be559bab16b84c965880db6e0d3ab14d41f5fe876a4c8f5cd274c51f737dddce7ae5cadee12c0eb689e4b41b977135eef443cfe73104d89180a2b3f1

          Download Submit

        • memory/2688-37-0x00000000002A0000-0x00000000002A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2688-40-0x00000000002A0000-0x00000000002A1000-memory.dmp

          Filesize

          4KB

          Download