Analysis

  • max time kernel
    157s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-03-2024 20:38

General

  • Target

    MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe

  • Size

    5.2MB

  • MD5

    6128546e25df18564f28f6d593c51d76

  • SHA1

    b18cdfcb8ea1b70a08ce9925ab0f4ed99ce5c50a

  • SHA256

    c99f3878b0b04624af3c1c452a4f9a86d3ef0496383f9f173587cf6f14eae55a

  • SHA512

    019a3bdce86e5e5c374502a761855f577f8d742932e86f5d85ca4975c41ac94378a7d5c07e8a357c6e0de7f114914d8666780fa3f4b09a85a902fcf24cf32a35

  • SSDEEP

    98304:OZEVrN/30MkE0bGDdFXm3BpqZdolLF4axzDPv9uVlDD23iX8pbelR00:OZcrh3D0iD7mpqZdolLXzTvytwm1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Frog.exe
    "C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Frog.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Roaming\1337\Frog.exe
      "C:\Users\Admin\AppData\Roaming\1337\Frog.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1724

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\1337\php5ts.dll

    Filesize

    3.9MB

    MD5

    3795c616673a8c7cca3569f1e349878a

    SHA1

    a460cbf89201a8206c5f20c6bc5f1de9493560c8

    SHA256

    a3b1386d520ee5fc50f99070d31580f42ef654bddc8e0392d162f53387803720

    SHA512

    09309711bdc4f0a93879e43f5061a77cd54c7a33e6dc98b159c87f5f5eb4aa676763dab6538bb4ce95a983727496f4dba21d5883efe277b7a354b5032ee6ac9d

  • \Users\Admin\AppData\Local\Temp\nso9B96.tmp\System.dll

    Filesize

    11KB

    MD5

    2ae993a2ffec0c137eb51c8832691bcb

    SHA1

    98e0b37b7c14890f8a599f35678af5e9435906e1

    SHA256

    681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    SHA512

    2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

  • \Users\Admin\AppData\Roaming\1337\Frog.exe

    Filesize

    4.3MB

    MD5

    41e75c80873b0ca18d56ddaba4c5aadd

    SHA1

    1d0423d6e66a4739db22939e1c16bcdc7eaa9746

    SHA256

    b7d4eef3fa0244a3618b3d60eab9a3ebaf1f8ec5cce9598d37e99b9d7a988cec

    SHA512

    402de19c72015fefefe02347fad8907762c991538c4ef7aa6b646c90d6fd7aadadcdb8be9f03d78a1b7cec712516faa318fde738b52dfa7b3aaa34219f2d1530

  • \Users\Admin\AppData\Roaming\1337\php5ts.dll

    Filesize

    3.5MB

    MD5

    87ebee0820c5b78783d40d0a11a14cb1

    SHA1

    4f20d54b8ab61d05b106573e4c5cc2220759c0ab

    SHA256

    fb25bbd896683326478b14173386fa3cbc2aeafc6cbb16f641a3936a0dc505e5

    SHA512

    f6cb9e9f60f5486ab5e6ca4a84a054f58f7706f00c8c8b34126dc2318eb8810bce822e1af55f80da1cc6f5ff0c10cfceba8605575bd6870488ad2c8a9ef75e8b

  • memory/1724-15-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/1724-21-0x0000000005900000-0x0000000005901000-memory.dmp

    Filesize

    4KB

  • memory/1724-22-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB

  • memory/1724-24-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/1724-25-0x0000000005900000-0x0000000005901000-memory.dmp

    Filesize

    4KB

  • memory/1724-29-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB

  • memory/1724-31-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB