Overview

overview

7

Static

static

3

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    20.8MB

  • MD5

    a18229feee8fd2a2d11caf3334962724

  • SHA1

    4c1a078607d9cb97103bfb3122be3b45bdeff817

  • SHA256

    b9c4ebecf944e0e9955f86a7581b3b02187ce64e78011035dedab40377ee3001

  • SHA512

    fc35eb60b4ab3014c680e4fdb2c54eea08ee7480c6c765402985be532d3465bd28317482b0e4f4cd2e69b4691a5a19974e2e8229b1001269fbd189d14b82c37a

  • SSDEEP

    393216:qdjJmE6NrDREnCE8odCMiqwmtD/BFZTFjRUpLHfKg4NMaTSzmGg37P:6JmE6hDOnCE84CMMmt7XepL/KQajGg37

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\onefile_1984_133608910656540000\main.exe
      "C:\Users\Admin\AppData\Local\Temp\main.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_1984_133608910656540000\main.exe
    Filesize

    1.1MB

    MD5

    4db53deac8f6881694e39d555245cae3

    SHA1

    12f8909b0904e70965168fe9bf818f02ff55ef89

    SHA256

    426574f49a26bbe38eacd7e315f8f5fbb36d5ec3c9edf07d42348d0f8ce19a89

    SHA512

    65f8bd02e35f868bd52cc899a9256ce98e7d7ee579c2f6603853fe9d670bd7e94199a19951dbbbd5cc08a619cce29d1e5c35d79da19dfaa10c21d9c57d9bf0a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_1984_133608910656540000\python311.dll
    Filesize

    2.8MB

    MD5

    fc1a7303c982a295c1dcb24bea58722c

    SHA1

    62f182e6a0d02d3d6a7a1812c73ab537c9b49a94

    SHA256

    e158e90d2e30c7418f707d32f8f1e6c88727ad89831c877d25ae988e97a67a9f

    SHA512

    61bc9f20603a97c26dd1c04a7955f7eb8dfa7849dc82da0a66e7b958380fe708243623e178a90081016f1847f777befea37ad590c7b2d178399e511ec0049089

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_1984_133608910656540000\main.exe
    Filesize

    1024KB

    MD5

    58653512e290e21fbfc1279897c40fdc

    SHA1

    9b326c79832d4a57817b8e9174b36af0813baf89

    SHA256

    49254551572d6e8f3de6e238b5f961ad6c70a20afeddfdd52df0e79fe978ec51

    SHA512

    ce7735a47b25572ca0e7311bf4c8015a064fb6a7bcdaee1f1d24eeb7fb2d4dc7e39ffddcd5b1dde7fc139e17e8fe7a13557b430e0848a0935bf703bdea9d6219

    Download Submit

  • memory/1984-133-0x000000013F6A0000-0x0000000140B88000-memory.dmp

    Filesize

    20.9MB

    Download

  • memory/2624-69-0x000000013F2F0000-0x0000000141D8E000-memory.dmp

    Filesize

    42.6MB

    Download