Overview

overview

7

Static

static

3

3149943717...66.exe

windows7-x64

7

3149943717...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 20:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    31499437179132245c49ee9e1264e8c43bd274a37c769d8be4f98ad483047966.exe

  • Size

    480KB

  • MD5

    3eabf16fb90b819216e42f9ffe8f81f7

  • SHA1

    d367b566c00fcbee2708a2aa9fbfd69cf6f219de

  • SHA256

    31499437179132245c49ee9e1264e8c43bd274a37c769d8be4f98ad483047966

  • SHA512

    21389815ee5120240a6b794f70bba8e2c59d3665b7a3a66997ae3b455a100f204179239084a3397677928d34821897b25aba19b08c935cb7c26bb68aef5b8a6d

  • SSDEEP

    6144:AjlYKRF/LReWAsUyoJ9WFr2eu1ZDRNaw7y6JAwGqu7MJaNJjIRx3M8FPQsaRQMui:AjauDReWm0G1VAwGq9aIy/QLi

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31499437179132245c49ee9e1264e8c43bd274a37c769d8be4f98ad483047966.exe
    "C:\Users\Admin\AppData\Local\Temp\31499437179132245c49ee9e1264e8c43bd274a37c769d8be4f98ad483047966.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\ProgramData\ylbsc.exe
      "C:\ProgramData\ylbsc.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2984

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\MSOCache .exe
          Filesize

          480KB

          MD5

          95be663f9e288e436883cafaebcc9e53

          SHA1

          a2700f4e520b25429c2e72ec617e107981b78a4a

          SHA256

          885bc3f9b6eac7f60ffa7c2ac5496ad55058a3c7cbe80a1030227ba8ad3e2a40

          SHA512

          66ee270aa6e2f0ab65c54bd06ec6f0c13945457a1094fc8f374468bc8b3e461ae7505a7b051fb90a24ac8826121491f74436dfc59bc0d7770e7d2520f9c1c324

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          136KB

          MD5

          2bd01b99551cc639ddb5cb66914904a6

          SHA1

          50beb8bab8be15271951130ac833eb19566f9333

          SHA256

          9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

          SHA512

          374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

          Download Submit

        • C:\ProgramData\ylbsc.exe
          Filesize

          343KB

          MD5

          5d41410cbf4e76dc9b36bd6ef581c304

          SHA1

          33cb42491fcd6561257c15b0102f143e4fdbafd5

          SHA256

          7d97e7f025b9a006efcc41bbc48a77015e414b53c2b737c7f4deaff7c33fabb6

          SHA512

          6bb815b6c4bf8dd8da38d2f9032dcb6c8222a400001b5c0854f9305f8943ddb5ee284455c7afda7c568429ef2b881d74f63de3d41e671f594d4b0e56da743233

          Download Submit

        • memory/1904-0-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/1904-1-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/1904-12-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2984-131-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download