Overview

overview

7

Static

static

3

16a964179a...34.exe

windows7-x64

7

16a964179a...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16a964179a3d708afdf8f9d7357766eb7e7ccdb790e7d9981ab4d5ce68d3a334.exe

  • Size

    31KB

  • MD5

    7f8d47d581bd4be7e65c6380d37f8be3

  • SHA1

    fc5784cba73c386fad4027759b0900c6cdc32240

  • SHA256

    16a964179a3d708afdf8f9d7357766eb7e7ccdb790e7d9981ab4d5ce68d3a334

  • SHA512

    024ee90ca38428c5f129225a8be84567ed29b96c6f2e7d5a2f24c3331cb67c66c28afacb54ef11cd71b6de907b369eaf53a07247d53514dc5ca042ee6e3da491

  • SSDEEP

    384:tk2Wz6pL3a2a999999996cNyoYkytbdH4TIem29nm:K1z6pLxa999999996cgoYkytbdH4Uim

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16a964179a3d708afdf8f9d7357766eb7e7ccdb790e7d9981ab4d5ce68d3a334.exe
    "C:\Users\Admin\AppData\Local\Temp\16a964179a3d708afdf8f9d7357766eb7e7ccdb790e7d9981ab4d5ce68d3a334.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Users\Admin\AppData\Local\Temp\lsemc.exe
      "C:\Users\Admin\AppData\Local\Temp\lsemc.exe"
      2⤵
      • Executes dropped EXE
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\lsemc.exe
    Filesize

    31KB

    MD5

    ce0cd1b428682845fc43fcb235aafac7

    SHA1

    8747adccee9886633b23684105e129f70449bb12

    SHA256

    e1b4a99d0f76182f3ebaace0d0669e55d96ed3692f8bc72918b6a7eda81e1900

    SHA512

    77512d1ebceb006bf91bab8798db511e61c43d5f51c5affcedf3a302567063b8ee04afa77e9b4bde12690877ca34eb013b667dc61fcca5a6dbcdc902a1a2f187

    Download Submit

  • memory/1944-8-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2276-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2276-2-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download