Overview

overview

7

Static

static

3

085262d4b8...96.exe

windows7-x64

7

085262d4b8...96.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    11-04-2024 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.exe

  • Size

    1.7MB

  • MD5

    77f37affcd5b9a3b0c9234d8e6342545

  • SHA1

    37d80706f38b38b35a12eb3565edd4da449a9a00

  • SHA256

    085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096

  • SHA512

    85425e635af29530e6738d130656c5db77be2dcaf03b9fed1be5c2f1860411c802e853ccded347169bd6dce9b026d879dad0abee2515bd0070bf49b460c8ab90

  • SSDEEP

    24576:s7FUDowAyrTVE3U5F/pGqKzKic6QL3E2vVsjECUAQT45deRV9RW:sBuZrEUExKIy029s4C1eH9c

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.exe
    "C:\Users\Admin\AppData\Local\Temp\085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\is-J37VV.tmp\085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-J37VV.tmp\085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.tmp" /SL5="$30130,922170,832512,C:\Users\Admin\AppData\Local\Temp\085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-72OAG.tmp\idp.dll
    Filesize

    232KB

    MD5

    55c310c0319260d798757557ab3bf636

    SHA1

    0892eb7ed31d8bb20a56c6835990749011a2d8de

    SHA256

    54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

    SHA512

    e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-J37VV.tmp\085262d4b8166c07c057582d5d76bf272a9f4303420171e3703cda7d88a8f096.tmp
    Filesize

    3.1MB

    MD5

    00485b6f194204fc7f92f710bf628b6e

    SHA1

    f4c1fe662b7fc65556050128964417abf094a299

    SHA256

    e85a7b47a3772f8816d5b09b3dff8a05ee556bd5b237b0c29374ac2f29d72421

    SHA512

    fd0df97f522ff7f2b7fe299a1d912cc7750b3d52ef8694d2544ef142c38f5b8afae41e23900436dbc3e482698e4a65a01d09fea3d4919e57470942ce4ab65480

    Download Submit

  • memory/1660-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/1660-13-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2724-7-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-14-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2724-17-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download