Overview

overview

7

Static

static

3

18da13b4f0...8e.exe

windows7-x64

7

18da13b4f0...8e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18da13b4f0720a6c25845a69c99952f9722f2af542764eaf47e35f4a53c4788e.exe

  • Size

    408KB

  • MD5

    3ecf2b0c78b431834922945b24787676

  • SHA1

    2da8977e84c71991cd21bde497ab7b20050df8b0

  • SHA256

    18da13b4f0720a6c25845a69c99952f9722f2af542764eaf47e35f4a53c4788e

  • SHA512

    4071d1c0e48cd361a5eb41605f632f4867bb09f58d29f3b301f5fb0ed62fea027ec678a00662e0caf9ca4865bc0062284dd7cf6bf09516e678635c333941a2cc

  • SSDEEP

    12288:4jauDReWeNpalC0ZT3wCzuubNu+QWryJH/mHychXoQhYdjiNe5eftTq7raffD:4DDyNpyC0d3wAuubNu+QWryJH/mHychj

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18da13b4f0720a6c25845a69c99952f9722f2af542764eaf47e35f4a53c4788e.exe
    "C:\Users\Admin\AppData\Local\Temp\18da13b4f0720a6c25845a69c99952f9722f2af542764eaf47e35f4a53c4788e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\ProgramData\dxunrg.exe
      "C:\ProgramData\dxunrg.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    408KB

    MD5

    30c3f1e09529413fe47ed81ccc2d19a8

    SHA1

    92192d0fa873740b1c6ae2c2080929518f33e7c2

    SHA256

    779c4c0ba6325e48b20729b0b4162b30fbbea74da45bd6e295476d7a31063036

    SHA512

    b8446410e4a2bc1c340085c4128e32a3ad1cc518d1dc088d4699e02cbdaee0e56984d7ba51af8a228db25f6ce6c521614771c4d6b0e4b75108805dfe022a71f4

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • C:\ProgramData\dxunrg.exe
    Filesize

    271KB

    MD5

    fc3ba408a6c16ca9ee8d6b2a88e101e5

    SHA1

    7e2e015179f03a53dab22781a9787cc8208bced6

    SHA256

    06aa83dd06dfc0ae508c01b43e1905f960348f9c6d3b9b3b632434c9b4a5d324

    SHA512

    6a18f285c80e40eaec8034588553632d68bca1d4fa551512f1a381d1f281b63a724d41852f45e419469b066e82b3123ef659a6b02b7c5152b51a1a0ff9069003

    Download Submit

  • memory/228-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/228-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/228-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3268-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download