Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
23-05-2024 01:11
Static task
static1
Behavioral task
behavioral1
Sample
6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
Resource
win10v2004-20240426-en
General
-
Target
6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
-
Size
71KB
-
MD5
057adeed983103a2a037d1e68d32a160
-
SHA1
5839381436d893f08036a1722e5b960f5662a7d8
-
SHA256
6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb
-
SHA512
334e01dce35a860c787f8cafa6a868e0f6657e475612fcf455c525d6693a15153ba29f2a033cd920bf350646f7ded710e48c6ec30203f14e5a910df3ab9fe6ac
-
SSDEEP
1536:1h3YrzjzGabh9X0PCig8Hf7j6iQ3e7Orp:jizj7bhtMC98/7pIe7m
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
itheakav.exe
pid process
2216 itheakav.exe
-
Loads dropped DLL 1 IoCs
Processes:
6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
pid process
1912 6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
-
Drops file in System32 directory 2 IoCs
Processes:
6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
description | ioc | process
File opened for modification | C:\Windows\SysWOW64\itheakav.exe | 6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
File created | C:\Windows\SysWOW64\itheakav.exe | 6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe
"C:\Users\Admin\AppData\Local\Temp\6a008f178e93b5f0a8099440e8f5dd952549e701b79ed722bbe71389fd1f59cb.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\itheakav.exe
"C:\Windows\SysWOW64\itheakav.exe"
2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
-
\Windows\SysWOW64\itheakav.exe
Filesize
68KB
MD5
5f52e57985563b312d83671aaf896d18
SHA1
77e0839c6f0068f2694deb575ad5aea96a6be391
SHA256
8b7d952f1e272174d370cfaa0ef647d1b3d339353bd914e464cfd95dc77ca6a5
SHA512
d70f1b5b5c6c6407b3bd744428250e0ae3cf6f05e61f3d99886a59b8f82cda918dcb882b39b0eacc7fb2b8cc4c989ef62464b76692342cc2f0cffa646be85b71
-
memory/1912-5-0x0000000000400000-0x0000000000403000-memory.dmp
Filesize
12KB