Overview

overview

7

Static

static

3

6c5d597a76...53.exe

windows7-x64

7

6c5d597a76...53.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 23:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6c5d597a76b444803a67d906e4ee8741881b646ea66bacf08cfb003104e11d53.exe

  • Size

    54KB

  • MD5

    5fa136d5e2fed5a5f8851bb33b0343d5

  • SHA1

    76e54b91c33515801756c8c451dadcc54ade3a5a

  • SHA256

    6c5d597a76b444803a67d906e4ee8741881b646ea66bacf08cfb003104e11d53

  • SHA512

    dcb6104a7156c74a00b947826fa3e04864f2596146a51753a4d412d2afde7cef67c95f1cb1b2df4608ddd0710b336b541b2d4831b5fef9c8d917b93bad80f55b

  • SSDEEP

    768:MApQr0fvdFJI341GxusOy9Rp1pLeAxoeC48PqK1OtaP6cCFzENREMZ7ZbP:MAaMJlBsh7pWezEPJB+OlbP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c5d597a76b444803a67d906e4ee8741881b646ea66bacf08cfb003104e11d53.exe
    "C:\Users\Admin\AppData\Local\Temp\6c5d597a76b444803a67d906e4ee8741881b646ea66bacf08cfb003104e11d53.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\windows\SysWOW64\sal.exe
      "C:\windows\system32\sal.exe"
      2⤵
      • Executes dropped EXE
      PID:2900

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\sal.exe
          Filesize

          54KB

          MD5

          bdbbce26626a1e62ca93b47476c14a57

          SHA1

          2e2a4b0e75978ddc65191ef14307af7996cece6e

          SHA256

          0308d1a90f781191534276d9461d2c541bf1b3ec9734e50a62bca46dea03219d

          SHA512

          b2227d3569d64731632617552e0242d87e85b515a1ec2e4995dc85b9f583b4915744a9a0c1009b540cc42039d91a7f6a885e8d0d09ee5cc625deeb963163d4d1

          Download Submit

        • memory/2860-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2860-4-0x0000000002620000-0x0000000002629000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2860-10-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2900-14-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2900-12-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download