Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/03/2024, 21:02

General

  • Target

    170bc2d2ea2cd61c564157788dede16026e4d51fe162503306c8f01c204e154b.exe

  • Size

    59KB

  • MD5

    6a82d83d561949f77a0b4e9d529ec19e

  • SHA1

    80baddf85b8de653f3257590513c94452e133de1

  • SHA256

    170bc2d2ea2cd61c564157788dede16026e4d51fe162503306c8f01c204e154b

  • SHA512

    e048c61cfe4eb3c75abf882505fed53b799811570723e40a6f5d615cd5572d8340d63417c829b1b7447027c2a1367d316c31371e5c3c9c3d898c9e78537268d6

  • SSDEEP

    1536:0M6478/JKvXnLI0Cu9VwH5pFrwL2hrvZaMtHQrwzg:tV7IJKfku9CH5wf

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\170bc2d2ea2cd61c564157788dede16026e4d51fe162503306c8f01c204e154b.exe
    "C:\Users\Admin\AppData\Local\Temp\170bc2d2ea2cd61c564157788dede16026e4d51fe162503306c8f01c204e154b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe
      C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe
      2⤵
      • Executes dropped EXE
      PID:3692
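
    The process tree above is what the "Executes dropped EXE" signature keys on: the sample (PID 1872) writes ekrakdeep.exe into its own %TEMP% directory and then spawns it (PID 3692). The following is an added example, not part of the sandbox report, that replays that signature and an IOC hash match over a few constructed Sysmon-style events (FileCreate / ProcessCreate). The event shape, the helper names and the extra PIDs are assumptions; only the paths, the two report PIDs and the SHA256 values are taken from the report. Note that the report lists two different hashes for the same dropped path, so both are carried as IOCs.

```python
# Added example (not the sandbox's own code): replays the report's
# "Executes dropped EXE" signature and an IOC hash match over a few
# constructed Sysmon-style events. Event shape and helper names are
# assumptions; paths, PIDs 1872/3692 and hashes come from the report.
from dataclasses import dataclass
from typing import Optional

# SHA256 values listed in the report for the dropped file. The report shows
# two different hashes (45KB and 33KB writes) for the same path, so both are IOCs.
DROPPED_FILE_SHA256 = {
    "97d5c7342d19842a8f306c19a5014ad47b52afe09679d4e6f2684ee0b102e255",
    "5321355fdf5fc68cf0973e3d175534d2f568ab466664e1b57af2b031d27fd071",
}

PARENT = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\170bc2d2ea2cd61c564157788dede16026e4d51fe162503306c8f01c204e154b.exe")
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe"


@dataclass
class Event:
    kind: str                        # "FileCreate" (Sysmon 11) or "ProcessCreate" (Sysmon 1)
    pid: int                         # process that performed the action
    image: str                       # image path of that process
    target: Optional[str] = None     # FileCreate: file written to disk
    parent_pid: Optional[int] = None # ProcessCreate: PID of the creating process
    sha256: Optional[str] = None     # ProcessCreate: hash of `image`


# Constructed events mirroring the report's process tree (PIDs 4321/4000/5100 are assumed).
EVENTS = [
    Event("ProcessCreate", 1872, PARENT, parent_pid=4321),           # sample launched by a shell
    Event("FileCreate", 1872, PARENT, target=DROPPED),               # sample writes ekrakdeep.exe
    Event("ProcessCreate", 3692, DROPPED, parent_pid=1872,           # sample executes it
          sha256="97d5c7342d19842a8f306c19a5014ad47b52afe09679d4e6f2684ee0b102e255"),
    Event("ProcessCreate", 5100, r"C:\Windows\System32\notepad.exe", # benign control
          parent_pid=4000),
]


def executes_dropped_exe(events):
    """Return (dropper_pid, child_pid, image) for each process whose image was
    written to disk earlier in the trace by the process that then spawned it.
    Path comparison is case-insensitive because NTFS paths are."""
    written = set()  # (writer_pid, lowercased path)
    hits = []
    for ev in events:
        if ev.kind == "FileCreate" and ev.target:
            written.add((ev.pid, ev.target.lower()))
        elif ev.kind == "ProcessCreate" and ev.parent_pid is not None:
            if (ev.parent_pid, ev.image.lower()) in written:
                hits.append((ev.parent_pid, ev.pid, ev.image))
    return hits


def ioc_hits(events, iocs=DROPPED_FILE_SHA256):
    """Return the sorted set of ProcessCreate image hashes that match the IOC list."""
    return sorted({ev.sha256 for ev in events if ev.sha256 in iocs})


if __name__ == "__main__":
    for dropper, child, image in executes_dropped_exe(EVENTS):
        print(f"Executes dropped EXE: PID {dropper} wrote and spawned {image} as PID {child}")
    print("IOC hash hits:", ioc_hits(EVENTS))
```

The rule deliberately requires the same PID to both write the file and spawn it; a looser "any process executing from %TEMP%" rule would also fire on legitimate installers, so keep the parent/child pairing when turning this into a production detection.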

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe

          Filesize

          45KB

          MD5

          8e26997bda5878865dc0b0742ee0b160

          SHA1

          48b6faf79b36a2f3dc5998377de02651917dec2a

          SHA256

          97d5c7342d19842a8f306c19a5014ad47b52afe09679d4e6f2684ee0b102e255

          SHA512

          dcce2f5056f0599798014c4745d78e420642e9faf583a14cc3dda6fb37cfd2f7fcc505f27183e357e65201109111fcaba3e0b4b22dee99f4f15eb5b7a1a3b9d5

        • C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe

          Filesize

          33KB

          MD5

          9f4f4e76153e50c9d237ba5b387809cc

          SHA1

          72ea6b10f97f39b04711c07b43184d6a9b108b70

          SHA256

          5321355fdf5fc68cf0973e3d175534d2f568ab466664e1b57af2b031d27fd071

          SHA512

          f38af8c5b05329cb79753ff9e46ff85099c7bcf462409a7300d406b093f8e1bf36c2094c2d37443cf7115ffbe13bfd7d4da26faca7c3a42313ef52c70ad4aaeb

        • memory/1872-0-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

        • memory/3692-6-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

        • memory/3692-5-0x00000000004F0000-0x00000000004F3000-memory.dmp

          Filesize

          12KB