Overview

overview

10

Static

static

10

0490e8427a...c7.elf

ubuntu-18.04-amd64

0490e8427a...c7.elf

debian-9-armhf

0490e8427a...c7.elf

debian-9-mips

0490e8427a...c7.elf

debian-9-mipsel

068428a4ac...26.exe

windows7-x64

1

068428a4ac...26.exe

windows10-2004-x64

8

087421ac22...94.elf

debian-9-mipsel

10

0c4791a6b4...ea.elf

debian-12-armhf

1

0d9bd2ae2e...ea.exe

windows7-x64

7

0d9bd2ae2e...ea.exe

windows10-2004-x64

7

0fa00d4f4f...70.dll

windows7-x64

1

0fa00d4f4f...70.dll

windows10-2004-x64

1

10de02fec8...d1.bat

windows7-x64

1

10de02fec8...d1.bat

windows10-2004-x64

8

1157191701...32.exe

windows7-x64

7

1157191701...32.exe

windows10-2004-x64

10

16e81343ec...a5.exe

windows7-x64

7

16e81343ec...a5.exe

windows10-2004-x64

7

17691f0962...b7.elf

debian-12-mipsel

6

17c24104e8...12.exe

windows7-x64

3

17c24104e8...12.exe

windows10-2004-x64

3

1816cd993d...28.exe

windows7-x64

7

1816cd993d...28.exe

windows10-2004-x64

7

1b8cda768b...8a.elf

debian-12-armhf

1

1df6acbc11...b7.elf

ubuntu-18.04-amd64

1df6acbc11...b7.elf

debian-9-armhf

1df6acbc11...b7.elf

debian-9-mips

1df6acbc11...b7.elf

debian-9-mipsel

1e7706ed04...b0.elf

ubuntu-18.04-amd64

1e7706ed04...b0.elf

debian-9-armhf

1e7706ed04...b0.elf

debian-9-mips

1e7706ed04...b0.elf

debian-9-mipsel

Resubmissions

22-04-2024 22:02

240422-1xtwbagh68 10

22-04-2024 19:25

240422-x42b7afa68 10

19-04-2024 03:02

240419-djmthsfh8w 10

Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe

  • Size

    1.7MB

  • MD5

    74a37bb794ed287696eac4495ffae13f

  • SHA1

    0097bc646687e8441db0079c3f85320be39e4a13

  • SHA256

    1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228

  • SHA512

    17770d69d3792f1663d58d2d5c1b1cbcac04ac9ef85c0416bb4f69ca3410b710953f384039999e8719a798bf4cd751226a2282affb7f959197eeccb782126950

  • SSDEEP

    24576:s7FUDowAyrTVE3U5F/9GqKVKic6QL3E2vVsjECUAQT45deRV9RZ:sBuZrEUwzKIy029s4C1eH93

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe
    "C:\Users\Admin\AppData\Local\Temp\1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\is-2JBUH.tmp\1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2JBUH.tmp\1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.tmp" /SL5="$40108,922170,832512,C:\Users\Admin\AppData\Local\Temp\1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-2JBUH.tmp\1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.tmp
    Filesize

    3.1MB

    MD5

    29c7863663a6218935710a3f95f69e24

    SHA1

    f432dfcf453817fd00c16c035b16be778074e29b

    SHA256

    8ab8594026e4bc39b73dd7ebefa28082ab9630efc2c2353357d24830534f0b16

    SHA512

    7eb8f9b4f3ec2c7e06bddd74aab3d7a0e860465d34e8551ee728ee3e562d945acd0a06495567f6bccdc11d9e3b5b6f06a452528acacf4f73142caebfe3bcff94

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-5HSVU.tmp\idp.dll
    Filesize

    232KB

    MD5

    55c310c0319260d798757557ab3bf636

    SHA1

    0892eb7ed31d8bb20a56c6835990749011a2d8de

    SHA256

    54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

    SHA512

    e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

    Download Submit

  • memory/2448-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2448-15-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2448-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3000-1-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3000-14-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download