Overview

overview

7

Static

static

3

e1f6c964b6...23.exe

windows7-x64

7

e1f6c964b6...23.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/04/2024, 03:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e1f6c964b6e5c90cfcaf745873e7a432fc1c01dc3769ce6850f9480663a03a23.exe

  • Size

    608KB

  • MD5

    de9281d4bd1d8ee5413a4cc6c5086565

  • SHA1

    5764ee20f5f9260c0e98bcf55d7cb269d983beb7

  • SHA256

    e1f6c964b6e5c90cfcaf745873e7a432fc1c01dc3769ce6850f9480663a03a23

  • SHA512

    332d72bd1e32a0af631f54023d652569f59ed916c95bba9b05b0d303d519b28e7c9a65767a1cc094798c669fd9d9f71011fee957f5399107e2ef71d4febcf649

  • SSDEEP

    12288:4jauDReWKGRPUcPmgqhrSr2tUaZS+qrNpXDdKjlpYMyc:4DDGcPmdhrSr2tUQqrNpXEhpYc

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1f6c964b6e5c90cfcaf745873e7a432fc1c01dc3769ce6850f9480663a03a23.exe
    "C:\Users\Admin\AppData\Local\Temp\e1f6c964b6e5c90cfcaf745873e7a432fc1c01dc3769ce6850f9480663a03a23.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\ProgramData\ygjct.exe
      "C:\ProgramData\ygjct.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3228

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          608KB

          MD5

          003c82cf089a2559ce5aeb3c05102e2d

          SHA1

          efd4a282c70e9f138597fc3dee6ceca50a559881

          SHA256

          b46f8c368fcd685019709383cea0ad80ea6ac8c323963685486d9202e0649fc9

          SHA512

          0906aa058bcc01ea7f0d4c7b87f55148ab460315e34bb953b63d08f533beab2cd4bb4958f53c35b7f832197c68c9cc1cb62d129e89048d3d9f832e51f047e70c

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          136KB

          MD5

          cb4c442a26bb46671c638c794bf535af

          SHA1

          8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

          SHA256

          f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

          SHA512

          074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

          Download Submit

        • C:\ProgramData\ygjct.exe
          Filesize

          471KB

          MD5

          97dedeaa8b45172e90eb10217f6da6b7

          SHA1

          068ee2959066c1bcba4d73a30adc9e5b97063149

          SHA256

          2d1ccc1c125bbc55e882d153234bb89a0ce700f74b1e674fa60d496f3101fadf

          SHA512

          bb51119a1f750051afdedd1bfada39ea66fa64f51ef272388f5547d09a0c084ba3e02b15aefa9b55211b18803f6b1c4b76090060f8ee986ca084b80b7cb9f70b

          Download Submit

        • memory/3228-130-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download

        • memory/3892-0-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/3892-1-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/3892-9-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download