Analysis
max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 01:42
Static task: static1
Behavioral task: behavioral1
  Sample: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
  Resource: win10v2004-20240426-en
General
Target: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
Size: 781KB
MD5: 187771a5bd73ec8a48ce2cdde5eb9aa7
SHA1: 8e4fc97b8467a595042eaa6c22f9b1a2e2a1c81a
SHA256: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a
SHA512: bd37ca1744e011b75192fd776d849b29dd38a932e6c045e8fbff4774ef9ba30991f0d97f15d785a2df20169cf4803f51f3d353cb654b60a38cc802bbe6e65bbd
SSDEEP: 12288:tT+WNw+pt1RmXpK2yJJWv0xGExGVryL+DHttMdkqWBRIuHa8KJLZmG19anY:tTEwCWG1ly6DNtMJWXp65LZmG19anY
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2208  1DBE.tmp
Executes dropped EXE (1 IoCs)
  pid   Process
  2208  1DBE.tmp
Loads dropped DLL (1 IoCs)
  pid   Process
  2068  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                                                  procid_target
  PID 2068 wrote to memory of 2208   2068  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  28
  PID 2068 wrote to memory of 2208   2068  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  28
  PID 2068 wrote to memory of 2208   2068  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  28
  PID 2068 wrote to memory of 2208   2068  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe"
   PID: 2068
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\1DBE.tmp (child of PID 2068)
      command line: "C:\Users\Admin\AppData\Local\Temp\1DBE.tmp"
      PID: 2208
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 781KB
MD5: bd20cf365a312c79e001e1700d2ff362
SHA1: ae674834b63b6ed32a3e4afb10f150abcd850f55
SHA256: 73d84f5253a339495839b91aedab2f185f069caf90cd7580672fb2dea3082243
SHA512: 86e98a2101de2b01b53181106def5a78048e0196168435df6e84759c72d3f6cc1eefe3ca1c94615a790c0685a9415d2c47b34590504944e69156b9fd21c6734e