Overview

overview

7

Static

static

3

7f1c6b30af...a0.exe

windows7-x64

7

7f1c6b30af...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f1c6b30aff69bf65aa196280f9b84002a6e62594f254d6be71dc750cc4642a0.exe

  • Size

    55KB

  • MD5

    4a4197e5b3b9011b28b1816a78b8d7d4

  • SHA1

    998dce2099e7e701ca7417ab293676fd8ae70593

  • SHA256

    7f1c6b30aff69bf65aa196280f9b84002a6e62594f254d6be71dc750cc4642a0

  • SHA512

    ce33e1cb5df5105269f6f0d47e3fd8a8177f76e5ff87507281b9d26118ff97801d321ab07454e63f45059fa115a9ff220817236e3ae104e11fefde8a5e0a6ea6

  • SSDEEP

    768:K9X2bnEpieDA62eIHwhzMnUJ30XbLt3EDEAndeVFipEH:IXaEoMA62ZYYUN0rxKOFuEH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f1c6b30aff69bf65aa196280f9b84002a6e62594f254d6be71dc750cc4642a0.exe
    "C:\Users\Admin\AppData\Local\Temp\7f1c6b30aff69bf65aa196280f9b84002a6e62594f254d6be71dc750cc4642a0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Users\Admin\AppData\Local\Temp\mtvhits.exe
      "C:\Users\Admin\AppData\Local\Temp\mtvhits.exe"
      2⤵
      • Executes dropped EXE
      PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\mtvhits.exe
    Filesize

    55KB

    MD5

    2547d5ff74363cd391af9a677f9782bf

    SHA1

    5a963388ceb933421ca148ebe3187fd39c4af1ef

    SHA256

    bb526960762f9c2a92861703a20cf30d4a8211198227078cc0d0ba9778d10e34

    SHA512

    331db27d9a11c20e6a94b4ff96ffd27230900d629da887315acb35a6b3fbffad52ea8ca223d28a8996cd8d2e4c05af6f8d96531addaeca9f7a7fe1b8c48488ec

    Download Submit

  • memory/2964-12-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2992-0-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2992-1-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2992-3-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

    Download