Overview

overview

7

Static

static

3

c9599a59ec...18.exe

windows7-x64

7

c9599a59ec...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c9599a59ec2d9e6f2c7a0eb190a52818.exe

  • Size

    56KB

  • MD5

    c9599a59ec2d9e6f2c7a0eb190a52818

  • SHA1

    055639cf33e08b9cc85be18ef57eb76c595c4543

  • SHA256

    05bc03dc4f6a46c5250bec45fc83535d422fb3e270affde1db2936a04935042c

  • SHA512

    eab008c9bf24c8f0d121838436231badb24fd1e6298fe9acacc0288f784a105aaabf8db5f00786e6b5866aa4d9d1f8d13a887a90670385468a9f21c66bb3299a

  • SSDEEP

    768:lbYqFx1yy9VuWyEj0vaQxBrTvBFE33BiKBX4Bn7jKg:lbYziV9yEjyaQxx7wHBiKIn7+g

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9599a59ec2d9e6f2c7a0eb190a52818.exe
    "C:\Users\Admin\AppData\Local\Temp\c9599a59ec2d9e6f2c7a0eb190a52818.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Local\Temp\irvigline.exe
      C:\Users\Admin\AppData\Local\Temp\irvigline.exe
      2⤵
      • Executes dropped EXE
      PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\irvigline.exe
    Filesize

    56KB

    MD5

    72822eb6fd785a3d3b07d888454bdce5

    SHA1

    1cd6d772e25ad5f97ad6e942c57d02326dfd9f8c

    SHA256

    b4cb92a4ab2432adede91cea3cba6ddc99718a464a2d97884e4b75052cc4f49b

    SHA512

    7e54c32f0990a77247e6f3f141048c36d01744d7e6fb5cfdc39bd078465c607af0281cd37dea807702c2be929f9aeab9645c93f8c02e28cffa04144704af5839

    Download Submit

  • memory/2156-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2676-6-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download