Overview

overview

7

Static

static

3

a9710f9eaa...8f.exe

windows7-x64

7

a9710f9eaa...8f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 14:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f.exe

  • Size

    4.9MB

  • MD5

    7c198b73639552cb2a0a2d15dae29f7a

  • SHA1

    c79be0bc69f8281e0d6adb88ffa94021f57896ea

  • SHA256

    a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f

  • SHA512

    41448a229b2d1a9188ed9e2e1297e9eb04cf4bb7d4a503dc2876f74a536d5023f11d2ca716026b91705c4e5c62c099c9982bded7a5fd3bc7c07a52b2dd82e37a

  • SSDEEP

    98304:6hUCd5V5Z8mRT4DaEYvX1xkEqNJTO6EidStdYOxjtpkin5k:6hUC3fTTEi1xkEqPi6E7tdYcjtLn5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f.exe
    "C:\Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f.exe
      C:\Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f.exe -a -d
      2⤵
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f_app.exe
        "C:\Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f_app.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 572
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\a9710f9eaa5bef6836ba464a424ad495278d19f9f4340500882a82f1f275f38f_app.exe
    Filesize

    1.6MB

    MD5

    326176f692dc9f302f766ad416473a34

    SHA1

    69c1e7f265bfb597675db9e6186452cc18c0bf4e

    SHA256

    d87004eaf5ab8770f94453dd2916d6b6f1ccdd245aa47d029809f53c6d24f7ee

    SHA512

    73720f0a058b3fdc0fbc4ec39d8185b587ca735919d38721003584925cb55acbb6a2a1c9dc9bad0da6fa313a68ba471e8d1dc09c6667bdee76fa26e87a4407f0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cyyundun.dll
    Filesize

    332KB

    MD5

    8722259b998800a37c3991c58ce64f96

    SHA1

    d370272422272eaf9aca8bc17ba9bcba1b83df70

    SHA256

    b115d63bee020042256019ee14fa0570483180e29c4deb7ed5b8fab522b05244

    SHA512

    867872e22769ecdba19daca70d6ef2bbb9e310abd90ddd1c3ff5b9a3375ef11488f1f7ac021c579ab58b7e8125c8bada584a1e96bb15fcee5837307cb64a6857

    Download Submit

  • memory/2128-12-0x0000000074EF0000-0x0000000074F57000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2128-28-0x0000000074EF0000-0x0000000074F57000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2540-19-0x000000007451E000-0x000000007451F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2540-20-0x0000000000F70000-0x0000000001118000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2540-21-0x0000000006F70000-0x0000000007116000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2540-22-0x0000000074510000-0x0000000074BFE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2540-29-0x000000007451E000-0x000000007451F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3048-4-0x0000000075020000-0x0000000075087000-memory.dmp

    Filesize

    412KB

    Download

  • memory/3048-5-0x0000000075020000-0x0000000075087000-memory.dmp

    Filesize

    412KB

    Download