Overview

overview

9

Static

static

3

40838810bd...5b.exe

windows7-x64

7

40838810bd...5b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/06/2024, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40838810bd630a370687d4e44dc6d1d3374d097eb4a0294320a46dce00e8855b.exe

  • Size

    693KB

  • MD5

    621148f66406f09642bea9885904ac6e

  • SHA1

    17ddebb19a09893159259b384dbf44445f73b6d5

  • SHA256

    40838810bd630a370687d4e44dc6d1d3374d097eb4a0294320a46dce00e8855b

  • SHA512

    492362e0fcb4f1b1076a32bb0aadc8030682d0920989d10347dea6126abe9f2ec564cbd5c2948f28522ae31f12596476b64f5377e6b23514a8f84638b78ebaa9

  • SSDEEP

    12288:3PxPihD53KoNw+bCUKklI9ufQ2XqJmrsZq4ZiohfzFq61:3PxPih95Nw+bJ3lI9uB/48Ub1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40838810bd630a370687d4e44dc6d1d3374d097eb4a0294320a46dce00e8855b.exe
    "C:\Users\Admin\AppData\Local\Temp\40838810bd630a370687d4e44dc6d1d3374d097eb4a0294320a46dce00e8855b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:2172
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
        PID:2684
      • C:\Users\Admin\AppData\Local\Temp\_mpextms.exe
        "_mpextms.exe"
        2⤵
        • Executes dropped EXE
        PID:2680

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_mpextms.exe
      Filesize

      597KB

      MD5

      69fec6fed212a3a310230606f4d4e9ce

      SHA1

      89573c0cd4933e59a0e49679246b96b34dd51b44

      SHA256

      6ab14e409d9d4910971d7edf973b5c25a269b50bdfc504754a127ff12e3ade8b

      SHA512

      964d9278a1b94792f73eb6bd8700dcc58d3a32153554390eb6f32b3525e63243905ffdeed6268b28690148e33d29fcd00fb39209580ad89581655acbad0d1497

      Download Submit

    • \Windows\SysWOW64\Zombie.exe
      Filesize

      95KB

      MD5

      60556ca1a1865b51be9420b126322ec1

      SHA1

      ec78717f16b410da9d975ec4bd71a31ad8aa3d7e

      SHA256

      d2156edc14904a1a6a36229d209f2412feee91274a13b3110d2f338a87d01cd7

      SHA512

      8c6897abe5b238ca04e60ee1c57de1b143d8cb8a895bafbbd75a1904da97974fb419e620e824cf79a09fb3c8daaeaad9f36848d00d15365e3a2475b09911cf19

      Download Submit