f77fcf6c1074bb84cdeff8aa30a02c49122dbad4c9009a8ab5f469f4e1122b7d

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba7dc5173b3962e58a6a94362d85bf77.exe
Size

1.6MB
MD5

ba7dc5173b3962e58a6a94362d85bf77
SHA1

2d11250edb232bed081ad9f5a17f2923973a32ba
SHA256

f77fcf6c1074bb84cdeff8aa30a02c49122dbad4c9009a8ab5f469f4e1122b7d
SHA512

586232c7f9fb3c5024405044fb27f9fccd6eb9faa0c57b621652785bab3eadb17a33dec6320fb7b80c16717dc5a98a4ff038c607a588b5c85ca8991dc8445122
SSDEEP

49152:2ayErUxFm6Yh6b8Q4oKy1UC55OjbRk8F+IgT7pURPgRVtO:nunDb8tIUM0S8iT7pUU2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1188	ba7dc5173b3962e58a6a94362d85bf77.tmp

Loads dropped DLL 4 IoCs

pid	Process
2360	ba7dc5173b3962e58a6a94362d85bf77.exe
1188	ba7dc5173b3962e58a6a94362d85bf77.tmp
1188	ba7dc5173b3962e58a6a94362d85bf77.tmp
1188	ba7dc5173b3962e58a6a94362d85bf77.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1188	ba7dc5173b3962e58a6a94362d85bf77.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28
PID 2360 wrote to memory of 1188	2360	ba7dc5173b3962e58a6a94362d85bf77.exe	28

C:\Users\Admin\AppData\Local\Temp\ba7dc5173b3962e58a6a94362d85bf77.exe
"C:\Users\Admin\AppData\Local\Temp\ba7dc5173b3962e58a6a94362d85bf77.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\is-BEJQG.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BEJQG.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp" /SL5="$5014A,1321289,56320,C:\Users\Admin\AppData\Local\Temp\ba7dc5173b3962e58a6a94362d85bf77.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-BEJQG.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp

Filesize
689KB

MD5
a5b7d5b2e5fd01bb0afbc904644ae9de

SHA1
c39194cb4127d45c249de15dabc2f3b9604e48cd

SHA256
1f9a4c47ddebd6d2e771d35dd2c0a181ad5ec92d526b405ff16468b6e8713044

SHA512
edca6fb6b3536bf0cf9c65edee65ee38b124b3174529edfe7282ab3ae26d8d071f4fd77b4add1faa0b5dae3a85abb30fa92314c5bb749d9bcffd92ae1a3ceba9

Download Submit
\Users\Admin\AppData\Local\Temp\is-9R423.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-9R423.tmp\klninstall.dll

Filesize
278KB

MD5
f6751bdefbc993930257f19d90aa57d4

SHA1
765526cc46a63ef2fafa6ed6b771712e909424dd

SHA256
623e3df303906e15bb30e8ba3f76f3a0b094148d957189c2e736ff30c826245c

SHA512
5dd35b3434e1d9076af24f539ac7122c95f0d45431b43e74cbbd4be6740ca82325d07735bd4111d1a56e143f6e6dc0e0ace9db5c118551589a42620b0178da2c

Download Submit
\Users\Admin\AppData\Local\Temp\is-BEJQG.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp

Filesize
600KB

MD5
87ecddd0f08f0103b170a8241893b960

SHA1
45425e9855412df999b0e9645c2e7e29984a14d3

SHA256
e2c16b3b99260d19d7683cf543402c4ed7387819e7b90e895b578541f2db3f2b

SHA512
f31b95de9f7f7986bc71e864dd83f17113590eec5f44b0b1f8a01c6e6767e3a2b98d15894a87a85800cd0191e8de34f0e8ba30f2576cfd8bf31bdf9574d2f691

Download Submit
memory/1188-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1188-18-0x0000000000790000-0x00000000007E0000-memory.dmp

Filesize
320KB

Download
memory/1188-23-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1188-24-0x0000000000790000-0x00000000007E0000-memory.dmp

Filesize
320KB

Download
memory/1188-28-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2360-1-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2360-22-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads