Overview

overview

7

Static

static

3

c14411dae1...fd.exe

windows7-x64

7

c14411dae1...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-03-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c14411dae1ccc60166a2bd9de2c337fd.exe

  • Size

    440KB

  • MD5

    c14411dae1ccc60166a2bd9de2c337fd

  • SHA1

    e0d787968c75146c6fd307ec06a0b75b0b9b3701

  • SHA256

    ccb7ae711a23d94ddbe1e10bb6d37c05e6bde240997d8330c6744bdbc3fbf072

  • SHA512

    6b71c0003c044e7d0203d466e0fbad6eba0bc8254f9c51d5e4dcaa1af8c438cdb24f798d3e7f10abb2d5b08ddf3ebb572d2278e51faa23bc059f5a93745ea863

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2A8UkiKemcXc+v8oQW:7zXKqa8SEijjC+378HOmcxh7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c14411dae1ccc60166a2bd9de2c337fd.exe
    "C:\Users\Admin\AppData\Local\Temp\c14411dae1ccc60166a2bd9de2c337fd.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3532
    • C:\Program Files (x86)\ehqp\ijsrvz.exe
      "C:\Program Files (x86)\ehqp\ijsrvz.exe"
      2⤵
      • Executes dropped EXE
      PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\ehqp\ijsrvz.exe
    Filesize

    460KB

    MD5

    d1ffc9fa5310515687a05f75ca9f0e95

    SHA1

    df68d5fef4d7648e8e50c01580ebef4244655c3c

    SHA256

    c0912d27c34d621becec8fc2f82054db2f950790197bbe9b699535f17d29e92f

    SHA512

    29e4624f1ea3b239c8f0bd9ccc807833c4a607020b4e780f3f59f58be1ddd3947894e3e3633fdc002c2ffdd8a7327ac182dff2edc6c8bbe9013f24da6c7929c0

    Download Submit

  • memory/712-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/712-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3532-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3532-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3532-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download