Overview

overview

7

Static

static

1

bea34078c3...22.exe

windows7-x64

7

bea34078c3...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    12-04-2024 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe

  • Size

    1.7MB

  • MD5

    59cb69a08fdd9cb4b0539e3356df1d4d

  • SHA1

    0c773a0a76f821780c002d527bee387b98904569

  • SHA256

    bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522

  • SHA512

    51d4f3d396d183bc5dcaaa0a26cf024fade9b5e5c0e73e1d2ee7663ba26bc55e799beb488d5bab8d8252147b33df6ea1209ebd730124a919940e899758842ec2

  • SSDEEP

    24576:u7FUDowAyrTVE3U5Fg23TD2D+Fz3ifFUwo433RfFcdnOtksSm:uBuZrEUWq0t9D7l

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe
    "C:\Users\Admin\AppData\Local\Temp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\is-PGJHC.tmp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PGJHC.tmp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp" /SL5="$40152,890440,866304,C:\Users\Admin\AppData\Local\Temp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab3E5A.tmp
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar3E9B.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar41EF.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\is-G6400.tmp\Nord.Setup.dll
    Filesize

    40KB

    MD5

    fb3b4bb0ea4f23de6109281606a35c8e

    SHA1

    01fc9184e971407bf2c7bc4b4e5181c96a16e38b

    SHA256

    5a8c26e985a7346e04d95e57373e7f65646d42f2403ccb24e5092d21d6a2a5b9

    SHA512

    6481aa9610589fb9609d74c8daa70b527593833972540bbcfeef11bc1ec66544b77ad5517b06b46b3e157969593095045253487c57a6b712efba9f47b75873e6

    Download Submit
  • \Users\Admin\AppData\Local\Temp\is-PGJHC.tmp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
    Filesize

    3.1MB

    MD5

    29ca787f3a0d83846b7318d02fccb583

    SHA1

    b3688c01bef0e9f1fe62dc831926df3ca92b3778

    SHA256

    746b972e21acb59e4086b5b25fe53ef2cddcecfa94dd56ad68c8e5bab9960c3c

    SHA512

    a6c21bf5590dc91a5d9bc729d9c04c20b54341d3270efd2fb7d2b548d7dc7b23a1a351147a07dfd569e901a608cb44533304de10725cb02fec781cada80b8e3b

    Download Submit
  • memory/1684-192-0x0000000000400000-0x00000000004E1000-memory.dmp
    Filesize

    900KB

    Download
  • memory/1684-1-0x0000000000400000-0x00000000004E1000-memory.dmp
    Filesize

    900KB

    Download
  • memory/2468-18-0x0000000004010000-0x0000000004050000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2468-22-0x00000000741E0000-0x000000007478B000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/2468-21-0x00000000741E0000-0x000000007478B000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/2468-8-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2468-193-0x0000000000400000-0x000000000071B000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/2468-194-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2468-197-0x0000000004010000-0x0000000004050000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2468-198-0x00000000741E0000-0x000000007478B000-memory.dmp
    Filesize

    5.7MB

    Download