b370ad084c003a0fac7bc5e3f32fb083a5e32764d9080b6aaaca082a6a248373 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 20:09

Sharing

Report Analysis Logs

General

Target

333/Star.exe
Size

481KB
MD5

2b7d003b0782e1b2818cc7717e0c2c53
SHA1

3f742c457300b379dc2d2324a0a0d870bc78f6ba
SHA256

1e61804993ddb8b890c1ada44898a7953273ce8eef7ae60505083037db43902d
SHA512

916c16e4f47bee06b4dc464f74e09ffa748c87e7e152eb958e29cf659ff31ec0967ed1d705cc5f64b6025e4730c86687e7dd0f767b235b635312d19f14668db8
SSDEEP

12288:loSWNTrO+uNxYlv4fc/N6Kz/oMfH8FUgC:loS2TrbOovQc/NjooHcUgC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

Star.execmd.exe

description	pid	process	target process
PID 1892 wrote to memory of 2640	1892	Star.exe	cmd.exe
PID 1892 wrote to memory of 2640	1892	Star.exe	cmd.exe
PID 1892 wrote to memory of 2640	1892	Star.exe	cmd.exe
PID 1892 wrote to memory of 2640	1892	Star.exe	cmd.exe
PID 2640 wrote to memory of 2552	2640	cmd.exe	mode.com
PID 2640 wrote to memory of 2552	2640	cmd.exe	mode.com
PID 2640 wrote to memory of 2552	2640	cmd.exe	mode.com
PID 2640 wrote to memory of 3052	2640	cmd.exe	chcp.com
PID 2640 wrote to memory of 3052	2640	cmd.exe	chcp.com
PID 2640 wrote to memory of 3052	2640	cmd.exe	chcp.com

C:\Users\Admin\AppData\Local\Temp\333\Star.exe
"C:\Users\Admin\AppData\Local\Temp\333\Star.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1892

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2C9C.tmp\2C9D.tmp\2C9E.bat C:\Users\Admin\AppData\Local\Temp\333\Star.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2640

C:\Windows\system32\mode.com
mode con lines=25 cols=80
3⤵
PID:2552

C:\Windows\system32\chcp.com
chcp 65001
3⤵
PID:3052

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2C9C.tmp\2C9D.tmp\2C9E.bat
Filesize
375KB

MD5
7b5496f185f7e4734846b00233159d43

SHA1
82385f3d27fc1005210c763b08e65795c6c14579

SHA256
dac3dffe8823d8954fb52c8be52dcc24723761f9ca6545e8a4a5511309342ac9

SHA512
4b02aafa55159094d82e5e9e8c04a53a1c52939c828305f64ca506b4bdc919e8aa70a6a6675d6e1e85d446149c1c58de726428c42b8cedb81836238198b50ff9

Download Submit