Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 23:54

General

  • Target

    57b3f3005273e5e182264b776eea234084a1160c0d6709849746c07cc3ad7f7b.exe

  • Size

    274KB

  • MD5

    0ae678ad8ad46e391cb05fee3062a863

  • SHA1

    380d364a1bee328d54ab9e96ce7b3526ac5e7527

  • SHA256

    57b3f3005273e5e182264b776eea234084a1160c0d6709849746c07cc3ad7f7b

  • SHA512

    3f21d6d70c195081a5d36ed147cbbc25d07300572eb5f9d5c9a39a24fdf03000065d460e2f4c984832b1939c2e852eb4209db11ae361a831d45a38dc6af68de5

  • SSDEEP

    6144:snqAzz+97V+OTvyp0O6jNybFzmNL+4jz7IbJus1XS:sBz6l8OTvW3qy5zC+uIdv1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57b3f3005273e5e182264b776eea234084a1160c0d6709849746c07cc3ad7f7b.exe
    "C:\Users\Admin\AppData\Local\Temp\57b3f3005273e5e182264b776eea234084a1160c0d6709849746c07cc3ad7f7b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\meoetcaht\t2gf4afrlddqvqigvpxg.exe
      "C:\meoetcaht\t2gf4afrlddqvqigvpxg.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\meoetcaht\lcpnhqges.exe
        "C:\meoetcaht\lcpnhqges.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2804
  • C:\meoetcaht\lcpnhqges.exe
    C:\meoetcaht\lcpnhqges.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\meoetcaht\dqgqjrd.exe
      jaxx3i3xzoxp "c:\meoetcaht\lcpnhqges.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2732

Network

MITRE ATT&CK Matrix

Downloads

  • C:\meoetcaht\sllwubhmw8c5

    Filesize

    10B

    MD5

    f3abe222e5a02f1e8caf70a296fde33a

    SHA1

    4a9d0afef11eb55fb3ba0876d27336f5ac4c6da9

    SHA256

    3b89a9364c98975b7b8d41d19b2040a1399a59dfed226d447f285a6e833d0673

    SHA512

    c40ae03bd6656012512bb15eaf5591d4ea18191b2a29c2f536271d5ae0d7f7566e6af428d406a9cb479c6ca7b225f707c1ce56f88eec4c216a4f4b6cd2e03cd1

  • \meoetcaht\t2gf4afrlddqvqigvpxg.exe

    Filesize

    274KB

    MD5

    0ae678ad8ad46e391cb05fee3062a863

    SHA1

    380d364a1bee328d54ab9e96ce7b3526ac5e7527

    SHA256

    57b3f3005273e5e182264b776eea234084a1160c0d6709849746c07cc3ad7f7b

    SHA512

    3f21d6d70c195081a5d36ed147cbbc25d07300572eb5f9d5c9a39a24fdf03000065d460e2f4c984832b1939c2e852eb4209db11ae361a831d45a38dc6af68de5