Overview

overview

7

Static

static

3

c721796672...83.exe

windows7-x64

7

c721796672...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c72179667210699354ef006490f34f83.exe

  • Size

    92KB

  • MD5

    c72179667210699354ef006490f34f83

  • SHA1

    b9da701d3675eca3d1c6282c88f3b6eb1fe78a18

  • SHA256

    0e1de5b5f3367392cba8b6ae93c503a661a706ba279cb15718f4731480694d9d

  • SHA512

    49d2ebb93c060b503c8fa222a32630040a9e2ef0d712352e9c48ebe538c9b51eab98748dc4be2cc1fe16de0714a62730678cf7464b9865cf655a503052dee751

  • SSDEEP

    1536:R5neEhlcTW5sk1Ptf2XbWINndIcN6JqCs5grSXCaWX3o6xjgPzj6X70f0R:bnj9PtfUKINndIc0JY5XSZX44jgPzPfa

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3352
      • C:\Users\Admin\AppData\Local\Temp\c72179667210699354ef006490f34f83.exe
        "C:\Users\Admin\AppData\Local\Temp\c72179667210699354ef006490f34f83.exe"
        2⤵
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1192
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1132

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      Filesize

      31KB

      MD5

      4b818e975f37d13e27aa9e7fec7a3c2a

      SHA1

      31c4c4261a17fbefca336062f48e7c6537ab30d5

      SHA256

      c08386ecdaec2f4b0fd82b934d5a87413e8dcc212df49874817296ce74fdd9c8

      SHA512

      95a9d3fea5288a74f56a068393253ab7bf8903591156c454b8a008192c2e6a4c025f35d0d2cd5d579ff210c27ba2f4171abd3a9c2c750516a397b23dc5bd8e77

      Download Submit

    • memory/1132-5-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1132-6-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1132-11-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1132-12-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/3352-7-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/3352-8-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

      Filesize

      4KB

      Download