Analysis

  • max time kernel
    152s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/03/2024, 07:33

General

  • Target

    c5531c17b1c23d9c8607022534a199a5.exe

  • Size

    94KB

  • MD5

    c5531c17b1c23d9c8607022534a199a5

  • SHA1

    bd45cbd205661d63ca0f7406e14f9aabb20a76bc

  • SHA256

    17753170350a9573c26793264d46b266c52110b90e2ae6a73457b99d1c99240b

  • SHA512

    ad6f5d24bcc3d36622ed16bc20b5df31e15ee6603189a59851323d66c8bdb2d5f649adc25f353f58ce35f25c0f726244548adabf3db18cbaede8ea89c3ca20e9

  • SSDEEP

    1536:zNhEMb+RLZASx19hZM3x4v3coPeetUKiGo6:MMb+jX19hKivhme21Go6

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5531c17b1c23d9c8607022534a199a5.exe
    "C:\Users\Admin\AppData\Local\Temp\c5531c17b1c23d9c8607022534a199a5.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\htuvuhtvatxk.bat
      2⤵
        PID:2128
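
    The chain shown above (a Temp-resident executable spawning cmd.exe to run a .bat it dropped into the same Temp directory) is the observable a detection engineer would key on. The following Python is an added example written for this page, not sandbox output or code from the sample: it evaluates constructed process-creation events for that chain and compares a recovered file's hashes against the dropped-file IOCs listed under Downloads. The ProcessEvent schema and the sample events are assumptions modelled on the tree above, not a sandbox export format.

```python
import hashlib
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IOCs taken from the report's Downloads entry for htuvuhtvatxk.bat.
DROPPED_BAT_MD5 = "2d7963fa56ac5ee29e64d7f293a40db9"
DROPPED_BAT_SHA256 = "b7df3764c25436e695ae73a8739c4b7f048b2e5f3a0afe18fdff9c276f589ad0"

USER_TEMP_MARKER = "\\appdata\\local\\temp\\"


@dataclass
class ProcessEvent:
    """Minimal process-creation record (hypothetical schema, not a sandbox export format)."""
    pid: int
    parent_pid: int
    image: str          # full path of the executable
    command_line: str


def in_user_temp(path: str) -> bool:
    """True if a Windows path sits under a user's %LOCALAPPDATA%\\Temp."""
    return USER_TEMP_MARKER in path.lower().replace("/", "\\")


def batch_argument(command_line: str) -> Optional[str]:
    """Return the first .bat/.cmd token on a command line (quoted or bare), or None."""
    for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command_line):
        token = quoted or bare
        if token.lower().endswith((".bat", ".cmd")):
            return token
    return None


def find_temp_batch_launches(events: List[ProcessEvent]) -> List[Tuple[int, int, str]]:
    """Flag cmd.exe running a batch file from %TEMP% when its parent image is also in %TEMP%.

    Returns (parent_pid, child_pid, batch_path) tuples, one per match.
    """
    by_pid = {e.pid: e for e in events}
    hits = []
    for event in events:
        if ntpath.basename(event.image).lower() != "cmd.exe":
            continue
        batch = batch_argument(event.command_line)
        if batch is None or not in_user_temp(batch):
            continue
        parent = by_pid.get(event.parent_pid)
        if parent is not None and in_user_temp(parent.image):
            hits.append((parent.pid, event.pid, batch))
    return hits


def matches_dropped_bat(data: bytes) -> dict:
    """Compare a recovered file's MD5 and SHA-256 with the report's dropped-file IOCs."""
    return {
        "md5": hashlib.md5(data).hexdigest() == DROPPED_BAT_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == DROPPED_BAT_SHA256,
    }


# Constructed events modelled on the process tree in the report, plus a benign neighbour.
SAMPLE_EVENTS = [
    ProcessEvent(1500, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessEvent(1072, 1500,
                 r"C:\Users\Admin\AppData\Local\Temp\c5531c17b1c23d9c8607022534a199a5.exe",
                 r'"C:\Users\Admin\AppData\Local\Temp\c5531c17b1c23d9c8607022534a199a5.exe"'),
    ProcessEvent(2128, 1072, r"C:\Windows\SysWOW64\cmd.exe",
                 r"cmd /c C:\Users\Admin\AppData\Local\Temp\htuvuhtvatxk.bat"),
    # Admin running a build script from a normal location: must not fire.
    ProcessEvent(3000, 1500, r"C:\Windows\System32\cmd.exe", r"cmd /c C:\Tools\build.bat"),
]

if __name__ == "__main__":
    for parent_pid, child_pid, batch in find_temp_batch_launches(SAMPLE_EVENTS):
        print(f"suspicious: pid {parent_pid} -> cmd.exe pid {child_pid} ran {batch}")
```

    Dropping the parent-in-Temp constraint (any cmd.exe running a %TEMP% batch file) catches more droppers but also fires on legitimate installers that unpack to Temp, so tune it to the environment. The Drivers-directory write and the driver load that the signatures mention are a separate observable this rule does not cover, because the report does not list that file's path.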

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\htuvuhtvatxk.bat

      Filesize

      232B

      MD5

      2d7963fa56ac5ee29e64d7f293a40db9

      SHA1

      64846d3e10ab6e9921be3660e93216a3a7efd07b

      SHA256

      b7df3764c25436e695ae73a8739c4b7f048b2e5f3a0afe18fdff9c276f589ad0

      SHA512

      528b8b8adeb07b3a20cb54f5d88e5df3f2fa0105f6a6deed4e2d9fef58c08278bf6606aa428b719b7c90a204b8963c8c3e8a5a7cb567fde7f3a6383bc86a0ca0

    • memory/1072-0-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB