Overview

overview

7

Static

static

3

7f1587c385...1d.exe

windows7-x64

7

7f1587c385...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 23:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7f1587c385d10ff065da1d214e143223d564c3e0c4868d249e94eac9344c041d.exe

  • Size

    408KB

  • MD5

    b8f197436ef9a4771c0e090aa061c418

  • SHA1

    9d0cb1e3cba41a7798480cb72658429c845b50dd

  • SHA256

    7f1587c385d10ff065da1d214e143223d564c3e0c4868d249e94eac9344c041d

  • SHA512

    7cde16b933db11c736136903368545656f742d3b06915092f099f3e68d4db52968cbb157cbe40288117c49990779c5b740a4d7751ea5f31dcf700c4e8f48b1a8

  • SSDEEP

    6144:4jlYKRF/LReWAsUyAZSvShB4Sm0P9LULGfxXnLYcAdwYJsAdvJgdSF0a:4jauDReWWSvST4SLULgXnLDAi1ANJgpa

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f1587c385d10ff065da1d214e143223d564c3e0c4868d249e94eac9344c041d.exe
    "C:\Users\Admin\AppData\Local\Temp\7f1587c385d10ff065da1d214e143223d564c3e0c4868d249e94eac9344c041d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\ProgramData\yshhhl.exe
      "C:\ProgramData\yshhhl.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:804

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          408KB

          MD5

          677b12746c3dfb97baee7fc404cdf453

          SHA1

          31d88f20999bebdc3c0891711d5dfcf6d33be05d

          SHA256

          aea9366b7ca5d1582b8b4ede2a5dc86575f7d66a53eebbdedec42ceda7c0d272

          SHA512

          dabd1021301c7e457132236e9e24574bb6ef851a1ce1d6a06c5af4d427d0c0942539880ebf84f4085a9cda69e815d19738997e2ace19c3c22d6a77cab6125442

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          136KB

          MD5

          cb4c442a26bb46671c638c794bf535af

          SHA1

          8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

          SHA256

          f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

          SHA512

          074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

          Download Submit

        • \ProgramData\yshhhl.exe
          Filesize

          271KB

          MD5

          0aec90cda173d64f17fcdcf7f97e7b2e

          SHA1

          0378a2cd445f154e7926c7fa2c14c59e7549ae5b

          SHA256

          f5a708bbce47935df4db1b17c2202720669dd2ca987694a2fa161fcb30a8833e

          SHA512

          beca079cfafc54def377ac9f6a82de82097441dd8fdf26ee42e4d541abc00fd990c6a477f49eb3b252d7736987a0a4f3d511262b73d2fe8a433386242e3e7483

          Download Submit

        • memory/804-133-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download

        • memory/2364-0-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2364-1-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2364-14-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download