Overview

overview

7

Static

static

3

5514d172f9...61.exe

windows7-x64

7

5514d172f9...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2024 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461.exe

  • Size

    92KB

  • MD5

    22a74e7b1caa9821c3f3831b1d007b89

  • SHA1

    0f285cb884fd3a3fcdc417d736ec5a1423f3484f

  • SHA256

    5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461

  • SHA512

    29835d2013a503e4c1c92e8fe978d3a47b64ac80e300a0476c2da196eb9dd6a6ca77678a4103f2e108bc2ac997802f0ddde87fd3f119fabe744105690fe6a98d

  • SSDEEP

    1536:0MA7W59lPYpBCvXkd/DKO7FcwY2fL9C4zxcSsxA4:tu0DYpBXDKO7FDYuL9C4Ix/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461.exe
    "C:\Users\Admin\AppData\Local\Temp\5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
      C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
      2⤵
      • Executes dropped EXE
      PID:3332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
    Filesize

    92KB

    MD5

    f8fe1c7f42e6d0582f0644a13725b858

    SHA1

    14a2432c300e5e495b77e50672b73be3dd0a2ae1

    SHA256

    0e22f15db3ad23aa97d33daceb7cdf08b08ef9c132888fb814d2e653ca4dadc7

    SHA512

    9e3699d6c5089f2779ae43cc4a04ee413ef2ad3f0b8a50e800341ebae939ec2a41b7feb5a13d83338888419b822315f2623b48d3861f7f3f65cb637fa10ccfd1

    Download Submit

  • memory/1796-3-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3332-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download