Analysis
-
max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
06/03/2024, 20:18
Static task
static1
Behavioral task
behavioral1
Sample
5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe
Resource
win10v2004-20240226-en
General
-
Target
5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe
-
Size
316KB
-
MD5
3a1df6e310a91f8c028288437448397c
-
SHA1
cf655370f090963d79af235cb41b45bdb7699e18
-
SHA256
5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b
-
SHA512
a81a1eec8f5b1e074cfce289dc11b3d8c87601a250e190e9c67cf562ef25a2b101531371c6a331b5ccc47176479d983921f0a31f873ead9e8c7a1a1d04281b28
-
SSDEEP
6144:dnMfIq+XLROUxHXGmUReIyZyCcgHuVzOaO+tZG5:dMgZXNOUBXXRTOAz+G5
Malware Config
Signatures
-
Executes dropped EXE (1 IoC)
pid   Process
2176  5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe.back
-
Loads dropped DLL (1 IoC)
pid   Process
2080  5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe
-
Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid   Process                                                                    procid_target
PID 2080 wrote to memory of 2176   2080  5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe    27
PID 2080 wrote to memory of 2176   2080  5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe    27
PID 2080 wrote to memory of 2176   2080  5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe    27
PID 2080 wrote to memory of 2176   2080  5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe    27
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe (depth 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080
-
  C:\Users\Admin\AppData\Local\Temp\5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe.back (depth 2, child of PID 2080)
  Command line: "C:\Users\Admin\AppData\Local\Temp\5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe.back"
  - Executes dropped EXE
  PID:2176
-
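The three signatures and the process tree above describe a single chain: PID 2080 writes a 316KB file named after its own image plus `.back` (same size as the original, but different MD5/SHA1/SHA256/SHA512, see Downloads), starts it as PID 2176, and then calls WriteProcessMemory on that child four times. As an added example that is not part of this report or of any sandbox vendor's code, the Python below correlates a constructed event log into those findings. The PIDs, paths, the rounded 316KB sizes, the two SHA-256 values and the four WriteProcessMemory hits are taken from the report; the event schema (`process_create`, `file_write`, `write_process_memory` records) and the field names are assumptions of this example, to be mapped onto whatever export format your sandbox or EDR produces:

```python
"""Correlate sandbox process/file events into the signatures this report
raised. Added example; the event records are constructed from the report."""
from collections import defaultdict

SAMPLE_SHA256 = "5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b"
DROP_SHA256 = "415153f526ce46248bdc37f5e5139428ea2f8318840d45641f073c50f46dbfec"
PARENT_IMG = r"C:\Users\Admin\AppData\Local\Temp\%s.exe" % SAMPLE_SHA256
DROPPED_IMG = PARENT_IMG + ".back"

# Constructed event log modelled on the report. PIDs, paths, sizes, SHA-256
# values and the four WriteProcessMemory hits are the report's; the event
# schema itself (type/pid/ppid/image/path/target_pid) is an assumption.
EVENTS = [
    {"type": "process_create", "pid": 2080, "ppid": None, "image": PARENT_IMG,
     "size_kb": 316, "sha256": SAMPLE_SHA256},
    {"type": "file_write", "pid": 2080, "path": DROPPED_IMG,
     "size_kb": 316, "sha256": DROP_SHA256},
    {"type": "process_create", "pid": 2176, "ppid": 2080, "image": DROPPED_IMG,
     "size_kb": 316, "sha256": DROP_SHA256},
] + [{"type": "write_process_memory", "pid": 2080, "target_pid": 2176}] * 4


def correlate(events):
    """Return findings as a list of dicts {'signature', 'pid', 'detail'}.

    Rules:
      1. a process whose image was written earlier in the trace (dropped EXE)
      2. the dropper launching a copy derived from its own image name whose
         hash differs from its own (a self-copy with rewritten content)
      3. WriteProcessMemory from a process into a child it dropped itself
    """
    written = {}              # lower-cased path -> file_write event
    procs = {}                # pid -> process_create event
    wpm = defaultdict(int)    # (writer pid, target pid) -> call count
    findings = []

    for ev in events:
        if ev["type"] == "file_write":
            written[ev["path"].lower()] = ev
        elif ev["type"] == "process_create":
            procs[ev["pid"]] = ev
            drop = written.get(ev["image"].lower())
            if drop is None:
                continue
            findings.append({"signature": "Executes dropped EXE", "pid": ev["pid"],
                             "detail": f"image written earlier by pid {drop['pid']}"})
            parent = procs.get(ev["ppid"])
            # "derived from the parent's image name" covers <image>.back here;
            # tighten to an exact suffix list if the generic prefix check is too loose
            if (parent is not None
                    and ev["image"].lower().startswith(parent["image"].lower())
                    and ev["sha256"] != parent["sha256"]):
                same_size = ev["size_kb"] == parent["size_kb"]
                findings.append({"signature": "Executes modified self-copy",
                                 "pid": ev["pid"],
                                 "detail": (f"size match: {same_size}, sha256 "
                                            f"{ev['sha256'][:12]}.. vs parent "
                                            f"{parent['sha256'][:12]}..")})
        elif ev["type"] == "write_process_memory":
            wpm[(ev["pid"], ev["target_pid"])] += 1

    # Emit one WriteProcessMemory finding per (writer, target) pair, but only
    # where the target's image is a file the writer itself dropped.
    for (src, dst), n in wpm.items():
        target = procs.get(dst)
        if target is None:
            continue
        if written.get(target["image"].lower(), {}).get("pid") == src:
            findings.append({"signature": "Suspicious use of WriteProcessMemory",
                             "pid": src,
                             "detail": f"{n} write(s) into dropped child pid {dst}"})
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f"{f['signature']:<40} pid {f['pid']:<6} {f['detail']}")
```

The report's own "Executes dropped EXE" and "Suspicious use of WriteProcessMemory" signatures fire on any dropped file and any cross-process write; the middle rule is the narrower one worth alerting on, since a process re-launching a same-size, different-hash copy of itself and then writing into it is rarely legitimate.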
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HDT8MX\netdll[1].htm
Filesize 6KB
MD5 ae3b422dcf373d6049fd7561488c671a
SHA1 9aee24bbb270e78208e9c357c17b6ad4229bfae0
SHA256 12cce97f44c1ffbcf6925e667a4cdf1d69c50425e608bb7d2e1f72b0d84f4401
SHA512 29538be85d0767a8f965f0bc4bfe91169b9b63832093f94fccde8506aed19624c5960c299bcd0c4023dde2a354e245af4a1f9e368f4146b382c532b9831e4cb2
-
\Users\Admin\AppData\Local\Temp\5e615667e9975454729c339b8650fa39ce2fe480f1bf6eb2c93f902c5f3df12b.exe.back
Filesize 316KB
MD5 5b1add03a220aad1fcdd1158fc733ccd
SHA1 05551f7d2c9b0eca4f70d68d076b884e56a0fc43
SHA256 415153f526ce46248bdc37f5e5139428ea2f8318840d45641f073c50f46dbfec
SHA512 a8c13b33d008ea7c26f7ca1cf43b63633405626e82fb4e0f79b91a0520bf2ee8617847c4ea286a5ceaadf1868b4fea7740fa3a98401f0f92ea1c95a13b046501