Overview

overview

7

Static

static

3

d72848cc67...2b.exe

windows7-x64

7

d72848cc67...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d72848cc67360a784b9aac9a05c90a2b.exe

  • Size

    75KB

  • MD5

    d72848cc67360a784b9aac9a05c90a2b

  • SHA1

    feaeac07629a7ec80e44a42c9fcd03310d778806

  • SHA256

    7564230bc13e3c6431ceac2410d407d8c52e287a9a1c5309af5fd63187bac42a

  • SHA512

    c6aea43786ae25ac4b1ff9490036c40678499c0c8c09dab836ff1a223da18b3e2256776725fb7ded309919c8949f794a69b3c07848f7077ed63bec18af42afc5

  • SSDEEP

    1536:s9ZPUn/YUtllEC6lyogIJq/wCg8YeY0vJTVhp2Qnibu0l:QPuYUJIJq/wCg8Yd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d72848cc67360a784b9aac9a05c90a2b.exe
    "C:\Users\Admin\AppData\Local\Temp\d72848cc67360a784b9aac9a05c90a2b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Users\Admin\AppData\Local\Temp\vusjeson.exe
      C:\Users\Admin\AppData\Local\Temp\vusjeson.exe
      2⤵
      • Executes dropped EXE
      PID:2044
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=2244,i,11986678581565715302,451159359636456336,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3804

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\vusjeson.exe
      Filesize

      76KB

      MD5

      6708247fa085c1b69fc99569a778d31b

      SHA1

      facbf9a7a6a8e2650e4d63b3aa11ea18062747b5

      SHA256

      721a61022fc510fb5dc8afe0c59f5baf7d2b12c11fb8b8cb0792c0ae4669b319

      SHA512

      928c4efc1e56f9216380bc850cb0f99ee9bae78a9fc9ad44c21bc5ce459c857e3299c3f8d3db59dcc1e2cea935ab81353cbf2565c7544cea2d61397f455f9b5b

      Download Submit

    • memory/2044-5-0x0000000000400000-0x000000000040D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/4240-0-0x0000000000400000-0x000000000040D000-memory.dmp

      Filesize

      52KB

      Download