Overview

overview

7

Static

static

3

Abrosoft F....4.exe

windows7-x64

7

Abrosoft F....4.exe

windows10-2004-x64

7

Interop.IW...ry.dll

windows7-x64

1

Interop.IW...ry.dll

windows10-2004-x64

1

Interop.SHDocVw.dll

windows7-x64

1

Interop.SHDocVw.dll

windows10-2004-x64

1

Rainmeter.dll

windows7-x64

3

Rainmeter.dll

windows10-2004-x64

3

config.exe

windows7-x64

7

config.exe

windows10-2004-x64

7

msreg.dll

windows7-x64

1

msreg.dll

windows10-2004-x64

1

update.exe

windows7-x64

1

update.exe

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 08:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    config.exe

  • Size

    7.1MB

  • MD5

    d54453fff288b644e3244262068e5ace

  • SHA1

    cfdc888f013dd89291880761114c30112409713c

  • SHA256

    1bae8a015ca3bf075e7e8258d59740f886c2c4d7f9a92341f865b2ef523c1091

  • SHA512

    a4c613f457e25e43eeb303cbdc43868df617964bb51e5899314ee5ce8e5c82d464100c1b8bb7838022ef3f9127da9d5354f843dd3150656ad648270cad9a0897

  • SSDEEP

    196608:5eVI0DNLPOX2LxkCiPSrB7NADf2KjCYXau8rcBe0dEM:5eDlp9xrsDfzr5+cs7M

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\config.exe
    "C:\Users\Admin\AppData\Local\Temp\config.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Users\Admin\AppData\Local\Temp\is-MQP6G.tmp\config.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MQP6G.tmp\config.tmp" /SL5="$A011E,7126266,68096,C:\Users\Admin\AppData\Local\Temp\config.exe"
      2⤵
      • Executes dropped EXE
      PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-MQP6G.tmp\config.tmp
    Filesize

    713KB

    MD5

    a02c19c7c29f2058cea899b68a15b572

    SHA1

    6a55777a7d32954a589ec7f60cba854f98fae58c

    SHA256

    63c32e6233e8497f44f4ac67961c5b80f28ed113eb47471ed428b9a2f7cc60f6

    SHA512

    c0635fe1ff5a8f312d207cf4f70a3c672470119e1a6a968e98cdbc985d92c58984851041ecf4c6ab452811ab5d5de8528b2dde4543c62810ab17fc3216572eb0

    Download Submit

  • memory/1052-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1052-2-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1052-13-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4652-7-0x0000000000730000-0x0000000000731000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4652-14-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/4652-17-0x0000000000730000-0x0000000000731000-memory.dmp

    Filesize

    4KB

    Download