Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
19/03/2024, 22:17
Static task
static1
Behavioral task
behavioral1
Sample
89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe
Resource
win10v2004-20240226-en
General
-
Target
89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe
-
Size
79KB
-
MD5
5e42ccd5e8e30172f099de9fedddafd2
-
SHA1
5c9664012440ba8e83673bdc875e3c9d8159c7d8
-
SHA256
89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8
-
SHA512
1e80a7face5e8c660e3c3dbb7375d61b558fec568bd01e8823c480376ecf600e4d7c6ed4a5fad89c8fe7f74b203c024986ce7cb49ce21bb8be63724e31e7ae85
-
SSDEEP
1536:zvrQMaIbTWazYa9OQA8AkqUhMb2nuy5wgIP0CSJ+5ykmB8GMGlZ5G:zvrbHbTDMakGdqU7uy5w9WMyzN5G
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 112 [email protected] -
Loads dropped DLL 2 IoCs
pid Process 2308 cmd.exe 2308 cmd.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 1284 wrote to memory of 2308 1284 89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe 29 PID 1284 wrote to memory of 2308 1284 89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe 29 PID 1284 wrote to memory of 2308 1284 89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe 29 PID 1284 wrote to memory of 2308 1284 89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe 29 PID 2308 wrote to memory of 112 2308 cmd.exe 30 PID 2308 wrote to memory of 112 2308 cmd.exe 30 PID 2308 wrote to memory of 112 2308 cmd.exe 30 PID 2308 wrote to memory of 112 2308 cmd.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe"C:\Users\Admin\AppData\Local\Temp\89c3fc207e5923404f97538083e3a4ce30bad3e1ed2234c02f4a101c530de8e8.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1284 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c [email protected]2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2308 -
C:\Users\Admin\AppData\Local\Temp\[email protected]PID:112
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\[email protected]
Filesize79KB
MD53441d2f2824104f06e15765ebe21eee3
SHA13134351178ec741c99d9cd01f3afa38aad025490
SHA256d7deded77430000f4aff2ee57b29d92a491f9552cffaf1044b5e9479527c8787
SHA512cf1b1a2662990198c3e991f6e986fed47a4db32c91eae2b725632cf53e1a10f48b9706b9df30aaf8d2932226beeff22ba4dd38b3c3c8d2c07cd058822b607526