Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 08/03/2024, 20:16
Static task: static1
Behavioral task: behavioral1
  Sample: 74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe
  Resource: win10v2004-20240226-en
General
Target: 74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe
Size: 79KB
MD5: e97307226612f137f32151993a9b7127
SHA1: 057c8eb860d3d8a9921d65e9eb4fa76d2ed9af2d
SHA256: 74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c
SHA512: 63fb95bc14efaf7889161c230ca7e3afbeff51fba4f49e4eeb48032ea5a3ed1d122ed5dea23069b9a44faf075e159b37943aabd58cc50542cdc492d243e86fa8
SSDEEP: 1536:zvLL///iH7AtfIrRjOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zvf///iH7+fUQGdqU7uy5w9WMyGN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2172  [email protected]

Loads dropped DLL (2 IoCs)
  pid   Process
  2212  cmd.exe
  2212  cmd.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process                                                                  procid_target
  PID 2304 wrote to memory of 2212   2304  74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe   29
  PID 2304 wrote to memory of 2212   2304  74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe   29
  PID 2304 wrote to memory of 2212   2304  74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe   29
  PID 2304 wrote to memory of 2212   2304  74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe   29
  PID 2212 wrote to memory of 2172   2212  cmd.exe                                                                  30
  PID 2212 wrote to memory of 2172   2212  cmd.exe                                                                  30
  PID 2212 wrote to memory of 2172   2212  cmd.exe                                                                  30
  PID 2212 wrote to memory of 2172   2212  cmd.exe                                                                  30
Processes
1. C:\Users\Admin\AppData\Local\Temp\74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe (PID 2304)
   Command line: "C:\Users\Admin\AppData\Local\Temp\74406e1e9d57a1772f9467b69bd62c7a1f1012b38b125e84bfad002083062f2c.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe (PID 2212)
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\[email protected] (PID 2172)
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: 8b993b31be6b61ed282bf93379e252a9
SHA1: 79794a86cc45bf58e4fbd0aca896f29a828c3256
SHA256: c8860156cb3d5b19488dd7a99e08866eefa33e747a68248040a17760161e764d
SHA512: 59244f06f9d3765560d93fb9e71aaac3f493df9f603563f86a82c74bc38a072d69a469a8bb14ddd61323e3a75417a2312387eb117ae215da32b59a206a32e38c