Overview

overview

7

Static

static

3

8c28e4e619...60.exe

windows7-x64

7

8c28e4e619...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 00:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8c28e4e619bfafe9a17a65b059419bd2ccddaf47e6302b6a4891f69ca1e48c60.exe

  • Size

    241KB

  • MD5

    5dd13034d5db528a1d2de32f6478aee8

  • SHA1

    161afc3af3f19ee3efb3c3818f879a53fb60680b

  • SHA256

    8c28e4e619bfafe9a17a65b059419bd2ccddaf47e6302b6a4891f69ca1e48c60

  • SHA512

    3d80963b1a68654034c74164e4259a625a76624c1d8d59b8c252c7a0081895da360188bdf734e197e561d37f76aa26d49302d5c4680b1a338271a9339c1b8634

  • SSDEEP

    3072:eesF73nyQ6cRRs5dnYi+po2iOBpB1VaGaCc+keJF1UcnX7R:ee473yQ6c3odWqyBR3aCce1ZX7R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c28e4e619bfafe9a17a65b059419bd2ccddaf47e6302b6a4891f69ca1e48c60.exe
    "C:\Users\Admin\AppData\Local\Temp\8c28e4e619bfafe9a17a65b059419bd2ccddaf47e6302b6a4891f69ca1e48c60.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\.Trash-100\ActivateDesktop.exe
      C:\.Trash-100\ActivateDesktop.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2200

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\.Trash-100\db\framework_exe
          Filesize

          19B

          MD5

          665009c6d258a06e710ff8c7810f4697

          SHA1

          abf7abc9bae75e5323a12b1d58336dfe0fd58e22

          SHA256

          98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

          SHA512

          a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

          Download Submit

        • C:\.Trash-100\db\version
          Filesize

          4B

          MD5

          28851508796a4b995d21bfa6cbfdce3a

          SHA1

          63d450c9e57f468b67777c759827604249f44c38

          SHA256

          d4db019f21752b4a3fa39241c92cbaca26fa2be0d27f39cde3f2e7ec47d1d5fb

          SHA512

          c54718ceaa9c9a1e0c90b454ef924c456267be13078816126981b862240028452b48a38d21d2ba55c1edde3b5f1e05a551567d14217bffaa040ee6687df41152

          Download Submit

        • \.Trash-100\ActivateDesktop.exe
          Filesize

          241KB

          MD5

          3570aaf4d2de730d0dd5ceb5a58423ea

          SHA1

          16de0c7c9bd59483c1d582b18fc23a2b0018aff5

          SHA256

          073e80ef265d59a3ad4551cb52a6d06a5f53588b2d536722533f55b7a33d26fe

          SHA512

          1bcdc7370dd0cce3b73631bbd8343a3f5984b7351e16bc57575c0cfa38ab36906e82cd32f5f89801033ae78ab45909962459cc4649f0d87f1e0f54c887ea5426

          Download Submit

        • memory/1784-3-0x0000000000DA0000-0x0000000000DE3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1784-7-0x0000000000DA0000-0x0000000000DE3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2200-9-0x0000000000060000-0x00000000000A3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2200-14-0x0000000000060000-0x00000000000A3000-memory.dmp

          Filesize

          268KB

          Download