Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 00:47
Static task
static1
Behavioral task
behavioral1
Sample
9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe
Resource
win10v2004-20240412-en
General
Target: 9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe
Size: 7.5MB
MD5: 1309f85d00894742691dd477c5932595
SHA1: 002ba9b3e96994fb0bbc0b1037051e137e1772ad
SHA256: 9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b
SHA512: 98ed4815c0c0f4dc981f4aa35d6aea7f8cc3700982165e5d98136ab5225c3bb31459e5f5d2981d442f3c3c7c0b8083415cb2ee5948ca32bc2753f1af294df647
SSDEEP: 98304:emhd1UryeWVRwgnqNM1o82js/V7wQqZUha5jtSyZIUbQ:el2Hjqq1N2jA2QbaZtlix
Malware Config
Signatures

Deletes itself (1 IoC)
  pid   Process
  1500  1F53.tmp

Executes dropped EXE (1 IoC)
  pid   Process
  1500  1F53.tmp

Loads dropped DLL (2 IoCs)
  pid   Process
  2524  9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe
  2524  9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                                                   procid_target
  PID 2524 wrote to memory of 1500  2524  9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe  28
  PID 2524 wrote to memory of 1500  2524  9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe  28
  PID 2524 wrote to memory of 1500  2524  9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe  28
  PID 2524 wrote to memory of 1500  2524  9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe"
   PID: 2524
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\1F53.tmp (child of PID 2524)
      Command line: "C:\Users\Admin\AppData\Local\Temp\1F53.tmp" --splashC:\Users\Admin\AppData\Local\Temp\9e58d0d76f01dc29baaa9e5fa5c733081b32615df4c88eec35a71eaa60d9403b.exe EA4CC3A57FB7D7303021E7C8D81FFF1CB7D5492E9259C292407DBFB0FE0EA555A3EF6D5F464EE59DBC5A9F614E959DDC61A30883B64CE9A840B5D63131AA8758
      PID: 1500
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 7.5MB
MD5: 4012d759d183671d8f2ce2e85e518cfb
SHA1: e0f40e8b353a2a9447a066f9ad4439ca02f45df2
SHA256: f9ba3137fbd27fddb19fcc47ac9fc23c478128148ebed544fa1bd130535715c5
SHA512: 21451bfab2aefe5554a49cc5a0202e89ecda41591a0757a6ddd5578264dcd1414d3b8cea45603c2b473e1caeed8827bd227791a74add3e3abc97e8a7557608a2