Overview

overview

7

Static

static

3

5e497ce4a8...ee.exe

windows7-x64

7

5e497ce4a8...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 19:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5e497ce4a80820a43a2df1fca47b722586e8788c78df541b47cb7f7266d7a1ee.exe

  • Size

    38KB

  • MD5

    3d2a1e5c77eb9cec2cd138b4c91c44f5

  • SHA1

    27f0ffea1cfe1b67552159c3f2c17687bd2eb628

  • SHA256

    5e497ce4a80820a43a2df1fca47b722586e8788c78df541b47cb7f7266d7a1ee

  • SHA512

    093a6d1078be49908381defb6d44ad48333d6a3a9eab203a69d1947a46217a96a73dfdec57881ed6b2e5b947770bc82b02fd3b65e4952d33c4674f81ba3f6a62

  • SSDEEP

    768:ac3C4zd6wl2oVZ3eNU6+qbs8ERJe4vzNT6oG57pHHIzniSfRZt+fkyR+i4HvG0T:aOHdYoVZuNUsdJmNLmHIzniSfrtu94HF

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e497ce4a80820a43a2df1fca47b722586e8788c78df541b47cb7f7266d7a1ee.exe
    "C:\Users\Admin\AppData\Local\Temp\5e497ce4a80820a43a2df1fca47b722586e8788c78df541b47cb7f7266d7a1ee.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\winmain.exe
      "C:\Windows\winmain.exe"
      2⤵
      • Executes dropped EXE
      PID:2000
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\_DelItG.bat" "
      2⤵
      • Deletes itself
      PID:2548

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_DelItG.bat
          Filesize

          295B

          MD5

          64a19c322f51d191ff8ecbd472e3a151

          SHA1

          7189174fec32657ff90ebe29d5e7dc585ddcfa6d

          SHA256

          166834be58268521ede096ac6b070f4228ad30a7d691b9f42b4ca2652d277fe2

          SHA512

          ba791d5bdb227ea9f6b1bb4038eb959f52bedd9b1037698aba7fde87a5a80c0c98f1047a3bca4bcfa54cc22c03ca855562db1268f67f78dc73421bdf22116a42

          Download Submit

        • C:\Windows\winmain.exe
          Filesize

          38KB

          MD5

          a42ba9d42565e22617eaac2c9f944279

          SHA1

          6f28e2afe4e5a47c1bf3026afbe977b519d90da7

          SHA256

          b2d7eb7fc0aba5cb48045f7634662db51887035f358e92295588e26244ad2a10

          SHA512

          6233b774b98f8d45cdc9931bcb98cb842c9418c361f15194d8a609e9971bc38557941fdd3d7d52916b131d49392c3f441d5715f6b2ee5e1b8fabc13c523877ce

          Download Submit

        • memory/1624-0-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/1624-4-0x0000000000580000-0x0000000000599000-memory.dmp

          Filesize

          100KB

          Download

        • memory/1624-11-0x0000000000580000-0x0000000000599000-memory.dmp

          Filesize

          100KB

          Download

        • memory/1624-26-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2000-12-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download