Overview

overview

7

Static

static

3

ba7dc5173b...77.exe

windows7-x64

7

ba7dc5173b...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 04:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ba7dc5173b3962e58a6a94362d85bf77.exe

  • Size

    1.6MB

  • MD5

    ba7dc5173b3962e58a6a94362d85bf77

  • SHA1

    2d11250edb232bed081ad9f5a17f2923973a32ba

  • SHA256

    f77fcf6c1074bb84cdeff8aa30a02c49122dbad4c9009a8ab5f469f4e1122b7d

  • SHA512

    586232c7f9fb3c5024405044fb27f9fccd6eb9faa0c57b621652785bab3eadb17a33dec6320fb7b80c16717dc5a98a4ff038c607a588b5c85ca8991dc8445122

  • SSDEEP

    49152:2ayErUxFm6Yh6b8Q4oKy1UC55OjbRk8F+IgT7pURPgRVtO:nunDb8tIUM0S8iT7pUU2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba7dc5173b3962e58a6a94362d85bf77.exe
    "C:\Users\Admin\AppData\Local\Temp\ba7dc5173b3962e58a6a94362d85bf77.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4780
    • C:\Users\Admin\AppData\Local\Temp\is-SGDFA.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SGDFA.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp" /SL5="$6006E,1321289,56320,C:\Users\Admin\AppData\Local\Temp\ba7dc5173b3962e58a6a94362d85bf77.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:332

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-ODHUB.tmp\klninstall.dll
          Filesize

          278KB

          MD5

          f6751bdefbc993930257f19d90aa57d4

          SHA1

          765526cc46a63ef2fafa6ed6b771712e909424dd

          SHA256

          623e3df303906e15bb30e8ba3f76f3a0b094148d957189c2e736ff30c826245c

          SHA512

          5dd35b3434e1d9076af24f539ac7122c95f0d45431b43e74cbbd4be6740ca82325d07735bd4111d1a56e143f6e6dc0e0ace9db5c118551589a42620b0178da2c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-SGDFA.tmp\ba7dc5173b3962e58a6a94362d85bf77.tmp
          Filesize

          689KB

          MD5

          a5b7d5b2e5fd01bb0afbc904644ae9de

          SHA1

          c39194cb4127d45c249de15dabc2f3b9604e48cd

          SHA256

          1f9a4c47ddebd6d2e771d35dd2c0a181ad5ec92d526b405ff16468b6e8713044

          SHA512

          edca6fb6b3536bf0cf9c65edee65ee38b124b3174529edfe7282ab3ae26d8d071f4fd77b4add1faa0b5dae3a85abb30fa92314c5bb749d9bcffd92ae1a3ceba9

          Download Submit

        • memory/332-6-0x0000000002100000-0x0000000002101000-memory.dmp

          Filesize

          4KB

          Download

        • memory/332-16-0x0000000004F20000-0x0000000004F70000-memory.dmp

          Filesize

          320KB

          Download

        • memory/332-22-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/332-23-0x0000000004F20000-0x0000000004F70000-memory.dmp

          Filesize

          320KB

          Download

        • memory/332-27-0x0000000002100000-0x0000000002101000-memory.dmp

          Filesize

          4KB

          Download

        • memory/332-30-0x0000000004F20000-0x0000000004F70000-memory.dmp

          Filesize

          320KB

          Download

        • memory/4780-0-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/4780-21-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download