b31f71f34201e1a72c043a805e741a58921438d7819023c22c7fa33f064474f2

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 00:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7831a4b350dedc1530b26e6224a608b.exe
Size

241KB
MD5

d7831a4b350dedc1530b26e6224a608b
SHA1

790f2ce7426c5e6229397fe183bbbad52756abd5
SHA256

b31f71f34201e1a72c043a805e741a58921438d7819023c22c7fa33f064474f2
SHA512

a1ea3a55626ad7fdf547d466f682f4760c3fb6b761ef6cb6be579475704bcf79ffb1ed4ffba66ace9b7dc983a20e1f374d66775edb1b7578ba8c1157639b496b
SSDEEP

6144:hRgym92YGB+40vPLGPAHVyKgachomI69VaxYM:b6fu+40vPLV219VjM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2656	winvnc.exe

Loads dropped DLL 5 IoCs

pid	Process
1656	d7831a4b350dedc1530b26e6224a608b.exe
1656	d7831a4b350dedc1530b26e6224a608b.exe
2656	winvnc.exe
2656	winvnc.exe
2656	winvnc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2656	winvnc.exe
2656	winvnc.exe
2656	winvnc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2656	winvnc.exe
2656	winvnc.exe
2656	winvnc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28
PID 1656 wrote to memory of 2656	1656	d7831a4b350dedc1530b26e6224a608b.exe	28

C:\Users\Admin\AppData\Local\Temp\d7831a4b350dedc1530b26e6224a608b.exe
"C:\Users\Admin\AppData\Local\Temp\d7831a4b350dedc1530b26e6224a608b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2656

Network

No results found

200.180.24.245:5500

winvnc.exe

152 B
3

No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\background.bmp

Filesize
1KB

MD5
392e960df38569460b5fb11e43a28623

SHA1
0eea9f3514d67a386fc8258c1d045dd8da3b1813

SHA256
6cf43afe37a9080ce304c09bdfe0d4c69babc8580a7b691f23d6db7195e09388

SHA512
09abe116364a16511c88f4bd2cb882d1f411e736a48a2f0293f7b90e18bc847c794e94e3e7a9cff180daa5a9302dd70b0b194a391b4d1d13bda97f0e38c9f2df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\helpdesk.txt

Filesize
832B

MD5
cc1343397ff0a5108b3df2a6e1f8b383

SHA1
8c3f85439b55b40180de50372891ba5b7ccebd53

SHA256
ddcc99641ccc78de7b75bd6cf6de6fd8f167741f4ff271f4b0b36ecf4a1e72c1

SHA512
2c2a31e498cf5a94503dae4423fa75820d014e6a66773fca2c9877a5069245a1054c4cc4c3addc0597b118132ac4a1a6d7dfd22f652c4efdcbb1a0e243ae3806

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\icon1.ico

Filesize
4KB

MD5
d8e7b12228ae7bdf0f0f66cee3c27967

SHA1
d32707e36dff8b76b39d4cc06a78178b79c5bb07

SHA256
faac430a88536a332673175ec870aca0dd35a4a383af6e13eeecad18f4759b16

SHA512
aa93e70cd570399879331cd3fb84abf14ee3c9e458bdd3a62660c81b88ffdd8ccb65c54bb010ae074aa56280dbd7ff041ab756e6630a3554b4bdaa4d241738ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\icon2.ico

Filesize
4KB

MD5
984e93fc7cb70c16fa6a832c5b4dcb2b

SHA1
320996080dd7690d793b097d4420a235d6b91e12

SHA256
262429e8b1eb39b1ef18e838cfe6783beac7be0f0135c868a64edd3182c1f398

SHA512
27f881f1eaeed768719a6c0c48c628d001209d4da1917372e8a84b73e13a435fe2693fe16fdb46c3cb8634155354f101ba2af201104fbedf64f58a42091a35ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\logo.bmp

Filesize
7KB

MD5
aa16611219470c1e94aef22310295649

SHA1
b64841ebc0fd82663063a65e4b9c59ec349fbce1

SHA256
4db648774a03ec2718c1969f262f8e2effe2188fb46b34517ad83d8ce3fd98a0

SHA512
46907cf43a7213eea22e786c092418de7a5a887a59a775229a65e9c7f4927a521e54eea56e5ea60c80fddb160ecf0c076b446892fc38549b1dc590670c22d7a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS12F4.tmp\winvnc.exe

Filesize
240KB

MD5
b4c64a5fda48e9c4ff91d7e7d93ddf5b

SHA1
264dc61352a26ca136d8206ee40b58824a63ade7

SHA256
d7a8b19d476c351b7f04b0582494b4153a2580d89af233d1f1db7ad46b9a947f

SHA512
6e39c5432b064cfe190d14fe7bfc4b1ccfc3008bd18b1b98c10bcd666724a6a00650250055eea082ff5bc0007024dd0cc131aa109ed606952492f051e25f8c63

Download Submit