Analysis

  • max time kernel
    17s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 01:01

General

  • Target

    a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe

  • Size

    2.2MB

  • MD5

    1cb3bcb19205c9b4800ffd47ef3cb6e6

  • SHA1

    40e7bc859eecfd52fd366b395c9ec6ddd58a960e

  • SHA256

    a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f

  • SHA512

    5411c14b445a6228d8e7d2e1a143c02115cbf7f53c3a6390dc439bbda082d9969ae7c33df115ec6f09920d2f63e5ee5edca76b04ccf36fa184dcb75d8120a33e

  • SSDEEP

    49152:WbD+QCbRquA/m2yL5zbfFiV+XenmE3/zw:WbD+5oq2VjnmH

Score
9/10

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 8 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe
    "C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1524
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev164E.tmp!C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe! !
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Users\Admin\AppData\Local\Temp\A7A37735EADF11931D27DA28CBD3B7AF132BE6300F40A4B6E5CD3AFB9E298D6F.EXE
        3⤵
        • Executes dropped EXE
        PID:2564
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev164E.tmp!C:\Users\Admin\AppData\Local\Temp\A7A37735EADF11931D27DA28CBD3B7AF132BE6300F40A4B6E5CD3AFB9E298D6F.EXE!
        3⤵
        • Executes dropped EXE
        PID:2608
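A small triage script, added here as an example and not part of the sandbox report, that applies the report's own indicators to Sysmon-style telemetry: execution of the dropped C:\Windows\MSWDM.EXE, the '!'-delimited -r/-e argument shape seen in the process tree, a Run key value pointing at MSWDM.EXE, and the SHA256 the report lists for the dropped file. The sample events are constructed to mirror the process tree above; the Sysmon field names, the Run key value name "MSWDM" and the SID are assumptions, since the report does not show them.

```python
import hashlib
import re
from typing import List

# Indicators copied from the sandbox report above.
DROPPED_EXE = r"C:\Windows\MSWDM.EXE"
DROPPED_EXE_SHA256 = "79d8f0ced4322e8274ed093c31cc3685048212c192d549c8d31a19f16b1d6da9"
ORIG = r"C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe"
TMP = r"C:\Windows\dev164E.tmp"

# In the report MSWDM.EXE is launched with '!'-delimited arguments:
#   -r!C:\Windows\dev164E.tmp!<original exe>! !
#   -e!C:\Windows\dev164E.tmp!<original exe>!
# The dev*.tmp name will vary per run, so match the argument shape, not the literal path.
MSWDM_ARGS = re.compile(r"(?:^|\s)-[re]![^!]+![^!]+!", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def check_process_event(ev: dict) -> List[str]:
    """Findings for one Sysmon-style process-creation event (EventID 1)."""
    findings: List[str] = []
    image = str(ev.get("Image", ""))
    cmdline = str(ev.get("CommandLine", ""))
    pid = ev.get("ProcessId", "?")
    if image.lower() == DROPPED_EXE.lower():
        findings.append(f"pid {pid}: execution of dropped file {DROPPED_EXE}")
    if MSWDM_ARGS.search(cmdline):
        findings.append(f"pid {pid}: MSWDM '!'-delimited -r/-e argument pattern in command line")
    return findings


def check_registry_event(ev: dict) -> List[str]:
    """Findings for one Sysmon-style registry value-set event (EventID 13)."""
    target = str(ev.get("TargetObject", ""))
    details = str(ev.get("Details", ""))
    if RUN_KEY.search(target) and "mswdm.exe" in details.lower():
        return [f"Run key persistence: {target} -> {details}"]
    return []


def triage(events: List[dict]) -> List[str]:
    """Route each event to the matching check and collect all findings."""
    findings: List[str] = []
    for ev in events:
        if ev.get("EventID") == 1:
            findings.extend(check_process_event(ev))
        elif ev.get("EventID") == 13:
            findings.extend(check_registry_event(ev))
    return findings


def is_reported_mswdm(data: bytes) -> bool:
    """True if the bytes hash to the SHA256 the report lists for the dropped MSWDM.EXE."""
    return hashlib.sha256(data).hexdigest() == DROPPED_EXE_SHA256


# Constructed telemetry (not from the report) mirroring the process tree above.
# The Run key value name "MSWDM" and the SID are assumptions; the report does not show them.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 3020, "Image": ORIG, "CommandLine": f'"{ORIG}"'},
    {"EventID": 1, "ProcessId": 1524, "Image": DROPPED_EXE, "CommandLine": f'"{DROPPED_EXE}"'},
    {"EventID": 1, "ProcessId": 2992, "Image": DROPPED_EXE, "CommandLine": f"-r!{TMP}!{ORIG}! !"},
    {"EventID": 1, "ProcessId": 2608, "Image": DROPPED_EXE, "CommandLine": f"-e!{TMP}!{ORIG}!"},
    {"EventID": 13, "ProcessId": 1524,
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\MSWDM",
     "Details": DROPPED_EXE},
    # Benign control event: must produce no finding.
    {"EventID": 1, "ProcessId": 4100, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

The image-path match is case-insensitive because the report itself spells the path both as C:\WINDOWS\MSWDM.EXE and C:\Windows\MSWDM.EXE; the command-line regex keys on the bang-delimited argument structure, which is a far more specific signal than the file name alone.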

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        Note that the file listed below at the submission path no longer matches the submitted sample under General: the size (2.1MB versus 2.2MB) and every hash differ, so the copy on disk was modified during the run. Record a sample's hashes before detonation rather than from the post-run file.

        • C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe

          Filesize

          2.1MB

          MD5

          b8d69fa2755c3ab1f12f8866a8e2a4f7

          SHA1

          8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d

          SHA256

          7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd

          SHA512

          5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

        • C:\Windows\MSWDM.EXE

          Filesize

          80KB

          MD5

          7953ee2765fd7f56ef2cbc7181d1149d

          SHA1

          c649e183ef7ea9d5f758e061432c2707f7591b6f

          SHA256

          79d8f0ced4322e8274ed093c31cc3685048212c192d549c8d31a19f16b1d6da9

          SHA512

          351b443e4145ddaccef9de847b142b240fb44594d6bee7b7fbe16a865df6dccd93559b437b254093f0f790bb3b66d0972d879b931c8f2e9ed9fdd4c931dbe7b7

        • memory/1524-21-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/1524-31-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2608-27-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2992-30-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2992-24-0x00000000003E0000-0x00000000003FB000-memory.dmp

          Filesize

          108KB

        • memory/2992-20-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/3020-0-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/3020-12-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB