Overview

overview

7

Static

static

3

CustomRP.1.17.22.exe

windows7-x64

7

CustomRP.1.17.22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CustomRP.1.17.22.exe

  • Size

    6.3MB

  • MD5

    fe6ac7ec692ea6a41c12a5b96de2b5a6

  • SHA1

    8a1bfd9276b1838cc859dfd443a3ae8c63c7ddbc

  • SHA256

    99a13b46fc5ec89169132f3ec365c77eabcb31ea07efab203c7795da948b1774

  • SHA512

    cff9b7918e3f98b5709f8fdbc87e9ed12b026360b231e8772512e66c67f28826e7e3cad23fa16d8baeb42821464b26015f63737a8982128fbd49aecfc75ccb27

  • SSDEEP

    196608:O1TeFQbXLA+GHUe/gVyikWTAgO5KtTHCx7h2:cTbcBH74VyikvgOot1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.22.exe
    "C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.22.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\is-C197V.tmp\CustomRP.1.17.22.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-C197V.tmp\CustomRP.1.17.22.tmp" /SL5="$5014E,5486258,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.22.exe"
      2⤵
      • Executes dropped EXE
      PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-C197V.tmp\CustomRP.1.17.22.tmp
    Filesize

    3.3MB

    MD5

    4c84ad73c9fd6c0d8590e40be75a7117

    SHA1

    8285d51da90a963e5e6002e3d2fc1b735a9cdf83

    SHA256

    a656e1ba87b2fcc64dbbb9fabf4c486ed85162187b529587bdefd5e37fca6a51

    SHA512

    e996e4f718ddbbfdb225e643a028d13ff0a6272da12570ef76cc30f5051007ac2b4084702170215bff37c28e1288340bf7752553d00a143fd9182ea0e3c431a7

    Download Submit

  • memory/1708-8-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1708-11-0x0000000000400000-0x0000000000751000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1708-14-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1972-2-0x0000000000400000-0x0000000000515000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1972-0-0x0000000000400000-0x0000000000515000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1972-10-0x0000000000400000-0x0000000000515000-memory.dmp

    Filesize

    1.1MB

    Download