Resubmissions

25/03/2024, 11:00

240325-m3yvkagg8y 5

25/03/2024, 10:58

240325-m24z7adg45 5

Analysis

  • max time kernel
    122s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/03/2024, 11:00

General

  • Target

    вирус_v2.0.exe

  • Size

    155KB

  • MD5

    cd564358f2933adb4259afb672f19911

  • SHA1

    a86753eeb0339f625148b76e4a7fe2f85a8858cc

  • SHA256

    dbc8b3f55307575516d50e820affb2f8f623a9ebc9844fbc4d1e4c8cdef8ff1e

  • SHA512

    b74f61a6e599fe37607b71c1979159773f63045a916c30154f06b73150b763e1332c040457dd722dc881978492f50cbd29e8d003cacff80cb06966d4a785a0cb

  • SSDEEP

    3072:raFfHgTWmCRkGbKGLeNTBfT16FY24wR+UIDBLCZ/F:W5aWbksiNTBL1sl

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6548.tmp\6549.tmp\654A.bat C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe"
      2⤵
      PID:2200
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2404
    • C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe
      "C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Windows\system32\cmd.exe
        "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7ABB.tmp\7ACC.tmp\7ACD.bat C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe"
        2⤵
        • Drops file in System32 directory
        PID:1360

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\6548.tmp\6549.tmp\654A.bat

    Filesize

    246B

    MD5

    bdbebba28b6b37e48a6e0a0baa3837cd

    SHA1

    4bb511e888997be7ebac0b5d8ff1f90be6141843

    SHA256

    4c30117451d4e1a235f30a6a3d0ff654fd179caaca0edb3e20f7aafedc22df12

    SHA512

    422f6af590fae3c50d4259a52d025e603229e741d7be93a13573ab64a747a3199658400888e972e0255566afc2d721c335041cca05b4142d46630540867b875d