Overview

overview

7

Static

static

3

d62d8635dc...f9.exe

windows7-x64

7

d62d8635dc...f9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 13:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d62d8635dc16c516f51561c5a2d533f9.exe

  • Size

    48KB

  • MD5

    d62d8635dc16c516f51561c5a2d533f9

  • SHA1

    ad536823ee9ecb7c121d6782fe11fe6b42925374

  • SHA256

    a0081fb0791d0535db30af5e892918390c12cf0cad0b33276ea952878d31829e

  • SHA512

    f11adb6c64f73fe1965f02689d09793c32b9d0ddb80ec3d9a69aa92f80cf26ef8a05b459a58bf9e0c50475e70d1dd130b63434a061bfdcbb10cd2752823fc359

  • SSDEEP

    768:6buDiv3N+KjGgZCH6yku7oGeZsQT6rd/tjtP19DWsWqFUUEhJJMXLSi2uJ2uh:hiPMIGIdtCo0Ftpt3yZzJJoLS0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d62d8635dc16c516f51561c5a2d533f9.exe
    "C:\Users\Admin\AppData\Local\Temp\d62d8635dc16c516f51561c5a2d533f9.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\juupdate.exe
      "C:\Users\Admin\AppData\Local\Temp\juupdate.exe" "C:\Users\Admin\AppData\Local\Temp\master.kvh"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2648

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\tt\546546465465465.txt
          Filesize

          9KB

          MD5

          e710026dda5d338a696475ccdad2eef1

          SHA1

          79985f4bc32adab9d1133846ac50445ff9e2c5da

          SHA256

          2adb4fdd59322c08222c6c73b6ae69dd22390b30d3ba50f869bf939e560c72f9

          SHA512

          e4f6c2acff673f6c0ca8d193000fe37cd000f9f2ebd7f480220d5c93629cbf1e2129fe73ffac47b2a6cc52132ced3650fece0937e086ca9f3ffb331b5d8e4490

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tt\oy.i
          Filesize

          12KB

          MD5

          c73de7f78a8746668d005fd41cf91aab

          SHA1

          917075a7e2ab88a0ca7240229457fbfe4faa41e1

          SHA256

          6a6e21b03acf3762e18891a1cdd96907aec74c4a6049ab3265c2c7aa57163263

          SHA512

          a7a787ee68cad08677180d5f683c89d42bceba25b30096b7797f427fac06c83425e0378fdf49e5f18cc9c47e8102c1a2c6f04567bbce1748c344b113eadb01ff

          Download Submit

        • \Users\Admin\AppData\Local\Temp\juupdate.exe
          Filesize

          138KB

          MD5

          d1ab72db2bedd2f255d35da3da0d4b16

          SHA1

          860265276b29b42b8c4b077e5c651def9c81b6e9

          SHA256

          047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0

          SHA512

          b46830742eebc85e731c14f7dc72cc6734fcc79aab46f6080c95589c438c4cca0a069027badc0a8a78e4deeb31cdf38df3d63db679b793212a32efdad7bb8185

          Download Submit

        • memory/1968-0-0x0000000000400000-0x00000000007AC02D-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/1968-24-0x0000000000400000-0x00000000007AC02D-memory.dmp

          Filesize

          3.7MB

          Download