Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/04/2024, 18:53

General

  • Target

    0b5decbf3cc3ba7d1c805f6fd9bdc88010a8c551890e19d221162c6d35d2bb8a.exe

  • Size

    1.1MB

  • MD5

    2c17e3d1b350e9c7d92092c9b232d121

  • SHA1

    d4fec219a3777e5f2ba9b119f7f026bf44bd80ec

  • SHA256

    0b5decbf3cc3ba7d1c805f6fd9bdc88010a8c551890e19d221162c6d35d2bb8a

  • SHA512

    39109f7acd0ce958612f961a114461d5c4594e3259eb68c8088a30e2a44a3b8682167280ef3f0ae9a22b8a014df16cb46945ff441f833200a31e44d8ff7224ff

  • SSDEEP

    3072:ba7zrWz8VVfTh8hyX3fTh8hyX4hxd6fTh8hyX2+J+sr+W9s:banrWz8VVF8hWF8hdhiF8h7sA

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store (2 TTPs, 4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b5decbf3cc3ba7d1c805f6fd9bdc88010a8c551890e19d221162c6d35d2bb8a.exe
    "C:\Users\Admin\AppData\Local\Temp\0b5decbf3cc3ba7d1c805f6fd9bdc88010a8c551890e19d221162c6d35d2bb8a.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 1116
      2⤵
        PID:2660

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          • memory/2004-1-0x00000000002A0000-0x00000000002E0000-memory.dmp

            Filesize

            256KB

          • memory/2004-0-0x0000000074660000-0x0000000074C0B000-memory.dmp

            Filesize

            5.7MB

          • memory/2004-2-0x0000000074660000-0x0000000074C0B000-memory.dmp

            Filesize

            5.7MB

          • memory/2004-43-0x0000000074660000-0x0000000074C0B000-memory.dmp

            Filesize

            5.7MB

          • memory/2004-44-0x00000000002A0000-0x00000000002E0000-memory.dmp

            Filesize

            256KB

          • memory/2660-42-0x0000000000470000-0x0000000000471000-memory.dmp

            Filesize

            4KB

          • memory/2660-45-0x0000000000470000-0x0000000000471000-memory.dmp

            Filesize

            4KB