Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-05-2024 22:34

General

  • Target

    5d21221cfd763d4440116e23e781cfa860fe1506dbd1c91888b09223d6fa675c.exe

  • Size

    73KB

  • MD5

    d67275dc376e2fe97074a33a0a9c97a0

  • SHA1

    febfe6caa648b60db7268310b52a402f564e96ea

  • SHA256

    5d21221cfd763d4440116e23e781cfa860fe1506dbd1c91888b09223d6fa675c

  • SHA512

    2ce3b766f78bc327ed651c8939f355678d17f528ed40691a22b2e0f498e9c2ec82ce432a219014297ec8c6dec3731f32cbf5b6582c4967f309afb3fc13e8c7f2

  • SSDEEP

    1536:1YF8NLCofRLCg/pdsHT+obdo8Cgzvl4ooofgke253u22:uF+LCofRLCgxSzXo8CgpIo53u22

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d21221cfd763d4440116e23e781cfa860fe1506dbd1c91888b09223d6fa675c.exe
    "C:\Users\Admin\AppData\Local\Temp\5d21221cfd763d4440116e23e781cfa860fe1506dbd1c91888b09223d6fa675c.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:352
    • C:\Windows\SysWOW64\eamdofar-rid.exe
      "C:\Windows\SysWOW64\eamdofar-rid.exe"
      2⤵
      • Executes dropped EXE
      PID:1792
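
The three signatures above describe one behaviour chain: a binary running from the user's Temp directory writes a new executable into C:\Windows\SysWOW64 (PID 352), and that file is then started as a child process (PID 1792). The following is an added example, not part of the sandbox report and not code from the sandbox vendor, showing how that chain can be flagged by correlating file-create and process-create telemetry. The event records are constructed here in a simplified, Sysmon-like shape (the field names `type`, `pid`, `parent_pid`, `image`, `target` are assumptions), and the allowlist of writers that may legitimately place binaries under the system directories is an assumption for illustration, not a complete list.

```python
# Added example: correlate "write executable into System32/SysWOW64" with a
# later "execute that path" to flag the drop-then-execute pattern from the
# report. Event shape and the trusted-writer allowlist are assumptions.

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Writers that legitimately place binaries under the system directories.
# Illustrative only; a real deployment would tune this list.
TRUSTED_WRITERS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\servicing\\",
    "c:\\windows\\winsxs\\",
)
EXECUTABLE_EXT = (".exe", ".dll")


def _norm(path):
    """Case-fold and normalise separators so path comparisons are stable."""
    return path.replace("/", "\\").lower()


def find_drop_and_execute(events):
    """Correlate file_create and process_create events given in time order.

    A hit is recorded when an executable written into System32/SysWOW64 by a
    non-system writer is later started as a process. Each hit carries the
    writer PID and image, the dropped path and the executing PID.
    """
    dropped = {}   # normalised path -> (writer pid, writer image)
    hits = []
    for ev in events:
        if ev["type"] == "file_create":
            target = _norm(ev["target"])
            writer = _norm(ev["image"])
            if (target.startswith(SYSTEM_DIRS)
                    and target.endswith(EXECUTABLE_EXT)
                    and not writer.startswith(TRUSTED_WRITERS)):
                dropped[target] = (ev["pid"], ev["image"])
        elif ev["type"] == "process_create":
            image = _norm(ev["image"])
            if image in dropped:
                writer_pid, writer_image = dropped[image]
                hits.append({
                    "writer_pid": writer_pid,
                    "writer_image": writer_image,
                    "dropped": ev["image"],
                    "exec_pid": ev["pid"],
                    "exec_parent_pid": ev.get("parent_pid"),
                })
    return hits


# Constructed events mirroring the report's process tree (PIDs 352 and 1792),
# plus a benign servicing write that must not be flagged.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "5d21221cfd763d4440116e23e781cfa860fe1506dbd1c91888b09223d6fa675c.exe")
DROPPED = "C:\\Windows\\SysWOW64\\eamdofar-rid.exe"

EVENTS = [
    {"type": "process_create", "pid": 352, "parent_pid": 1234, "image": SAMPLE},
    {"type": "file_create", "pid": 352, "image": SAMPLE, "target": DROPPED},
    {"type": "process_create", "pid": 1792, "parent_pid": 352, "image": DROPPED},
    # Benign: a servicing component updating a system binary that is then run.
    {"type": "file_create", "pid": 900,
     "image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "target": "C:\\Windows\\System32\\notepad.exe"},
    {"type": "process_create", "pid": 2000, "parent_pid": 1500,
     "image": "C:\\Windows\\System32\\notepad.exe"},
]

if __name__ == "__main__":
    for hit in find_drop_and_execute(EVENTS):
        print(hit)
```

The check deliberately keys on the written path rather than on the dropped file's hash, so it still fires when the dropped binary differs from the one recorded in this report; the hashes listed under Downloads remain useful as a second, exact-match indicator.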

Network

MITRE ATT&CK Matrix

Downloads

  • \Windows\SysWOW64\eamdofar-rid.exe

    Filesize

    70KB

    MD5

    fd0e6d01bbbf394fd787c231e01d9a01

    SHA1

    9e600a69d63d46edcde4c6c975aae932cf25e558

    SHA256

    2da70197000833ce666f0047a2a36b07641cca1917f54fafcb330b4ab4f7acf0

    SHA512

    441014c5ec1bd54290314ddcedf267d733848e3a7dc5e6573278c67162fa8c491144434677f1eb022aaffd11f57a27c24d50a07d822a36f53c2202e85d8027b5

  • memory/352-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB