Analysis
Max time kernel: 120s
Max time network: 128s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 22-05-2024 21:14
Static task: static1
Behavioral task: behavioral1
  Sample: 48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b.exe
  Resource: win10v2004-20240426-en
General
Target: 48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b.exe
Size: 79KB
MD5: 0922414f0d13a87fc1209a90e2094e3b
SHA1: c188b841b91a964f52123895809edd185e0c6fd5
SHA256: 48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b
SHA512: c87e37ad8c5d898c8f3d4cccebc4008fd16d824e7301cdbd4b56b7f1f9f91cb8307e0d1dbf0603215bb75cf0c35d9a5f07010e3aed3170981a7e9aca5a54faa4
SSDEEP: 1536:zvutflb9x7eB1xqz4OQA8AkqUhMb2nuy5wgIP0CSJ+5yenB8GMGlZ5G:zvKtb99ebQpGdqU7uy5w9WMy8N5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  Processes: PID 2948 [email protected]
Loads dropped DLL (2 IoCs)
  Processes: PID 2552 cmd.exe; PID 2552 cmd.exe
Suspicious use of WriteProcessMemory (8 IoCs)
  Processes (description, source PID/process, target process):
    PID 1688 (48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b.exe) wrote to memory of PID 2552 (cmd.exe), 4 events
    PID 2552 (cmd.exe) wrote to memory of PID 2948 ([email protected]), 4 events
Processes
C:\Users\Admin\AppData\Local\Temp\48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\48400bb4ce4dd278bdac47a12f648113af058de87ba6ccc1373dccb994bf8b9b.exe"
  PID: 1688
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    PID: 2552
    Loads dropped DLL
    Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2948
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 4c3c84829fba03a252eea93b3cd0ee6c
  SHA1: 09475a9127add03d50fbbe2da34e492cabe8c9ec
  SHA256: 848c83e6ae0e448c3095f658151d5c06c73f56a7f7295fee0813d2699506a4af
  SHA512: effc88010ace27b0801ee4e72e1f9b11d9c448a2e41eb4e611ebd623c26ff4263bdf7e18490769d52822c2b9b33667661e6d20359514b9979f2c89f52a817fdd