Overview

overview

7

Static

static

3

WisMencode...up.exe

windows7-x64

7

WisMencode...up.exe

windows10-2004-x64

7

安装说明.url

windows7-x64

1

安装说明.url

windows10-2004-x64

1

Analysis

  • max time kernel
    158s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 07:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    WisMencoder_197_setup.exe

  • Size

    23.9MB

  • MD5

    e7c422c1c7b3c7ec3005da0e98d3e53d

  • SHA1

    0a4311a741630e8449152361a34015b830674dc7

  • SHA256

    d36c56a15bddfb9093ebc7fbddb65119691588527505825b2267b4589f86ddfd

  • SHA512

    e04af4c61c199fe94bb5edd6bb8472f4040f7cdc6125a83f2648bab7c9ba80437f01a489f64149ce9861049dcff4bcb81b80e58f627d1adf7c31d592146a5736

  • SSDEEP

    393216:icOekJ5DRjj7NJjcNT7q9OVeSOZiewBigVdGRxgvT6vTi1F6bDD3q+stoNQq4I:iDDRjNFcNT4tZmiU+K76vu1FGD3qbq4I

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WisMencoder_197_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\WisMencoder_197_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3724
    • C:\Users\Admin\AppData\Local\Temp\is-T9GU0.tmp\is-V0JDD.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-T9GU0.tmp\is-V0JDD.tmp" /SL4 $9011C "C:\Users\Admin\AppData\Local\Temp\WisMencoder_197_setup.exe" 24816454 52224
      2⤵
      • Executes dropped EXE
      PID:2268

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-T9GU0.tmp\is-V0JDD.tmp
          Filesize

          643KB

          MD5

          036ef63e2f9b138a42d6adb54ec0cd1e

          SHA1

          353db5d438205a726a6d54beb62f9c62638f501d

          SHA256

          71b487f0523f213004766402b22bf86fa0ef9891e940d2a4cb12eba6627e7cc6

          SHA512

          31b8f6e76c8c4f5323f12384c41f6f2b04e58545c121da71e2a4da947a9c0aea9eb05df4f8199cc6dc89bc238577c4e2d5fb4b66e77e1130bc72b6c38f207cc9

          Download Submit

        • memory/2268-7-0x0000000002350000-0x0000000002351000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2268-9-0x0000000000400000-0x00000000004CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3724-0-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

          Download

        • memory/3724-2-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

          Download

        • memory/3724-8-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

          Download