Overview

overview

7

Static

static

3

ae6e3cfe97...ee.exe

windows7-x64

7

ae6e3cfe97...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 01:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ae6e3cfe9713fe2448eaa76b83c1a51ad73d1ddb4d88b32e465da30f177c69ee.exe

  • Size

    410KB

  • MD5

    a91f4183d9c862565d8332396dfdc022

  • SHA1

    bfe275f187b9ae358c0f1e1f446964dde0d8a3ac

  • SHA256

    ae6e3cfe9713fe2448eaa76b83c1a51ad73d1ddb4d88b32e465da30f177c69ee

  • SHA512

    b171ad4b2738173adcd2f8f003e97fa35b28097cd16d6f5faedeee6d70be79205209ef93163c8560cfb526dc97bf9e4742068785386a818415a0f0f2c5f68d79

  • SSDEEP

    6144:6BxIK3CTW8TMjp41u6nyHwnZ1QuDLxn0BupMZOfoJRDJHzaepCKmSXproT/OM:CxIK9V14ImyHYq2pMZPJVJH5pdmSRo9

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae6e3cfe9713fe2448eaa76b83c1a51ad73d1ddb4d88b32e465da30f177c69ee.exe
    "C:\Users\Admin\AppData\Local\Temp\ae6e3cfe9713fe2448eaa76b83c1a51ad73d1ddb4d88b32e465da30f177c69ee.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3492
    • C:\ProgramData\oofyi.exe
      "C:\ProgramData\oofyi.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4592

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          410KB

          MD5

          2d6679937a15a60b807dd7bcd8d79be5

          SHA1

          8c95432cfa1f84253cacece922b5b1e0dbe3528b

          SHA256

          c8ef80d04c6f8ec72c6a99f95c61f5eb439e060dea1364d54b16fb24aacb5fb6

          SHA512

          de806e1a130486cadaa817967c7c4957613531be05c9c381013b68e2404da3b90beb88fec7271bd09ffe4ea8d09e2a5b1fb97c5c9597a5600a3de32c08c003d7

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          150KB

          MD5

          aef10b9ba25f907727558514f2dfbab0

          SHA1

          d67383ef1b23d4da72339d66de9541c2e1efaf53

          SHA256

          f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad

          SHA512

          5e607a70ca3fa489897f8df0c96570709839364cd8cabd5f76386dfff01ca2986d50c120cf82926dff950c7d7b6ec833ea7558b64ec8f0dfe2e5070abf1da103

          Download Submit

        • C:\ProgramData\oofyi.exe
          Filesize

          259KB

          MD5

          b0f84836f22c452d9caceb37e6c912c4

          SHA1

          8022506ae39bbbd25af2faaf9ee3d904841225f5

          SHA256

          e925391ad4d537d755c2b812e704d8e3c53b4ee3bbb0f86d21b84822bf8dc24e

          SHA512

          1c4dec5495638b52399128dad0cf2ebf31c4509c3928d9221d003c5d671bcd8e6db6d46f929b0d4444cc86fb07260cf25a9cb2542ea55a47fe3109ea4f129424

          Download Submit

        • memory/3492-1-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3492-0-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3492-9-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/4592-130-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download