Overview

overview

7

Static

static

3

ebab0de98f...4c.exe

windows7-x64

7

ebab0de98f...4c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 10:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.exe

  • Size

    2.0MB

  • MD5

    76bd7bef106017beef5d6a9a2f808126

  • SHA1

    751869e8311f492df1a6ab46c1ffa217899c65da

  • SHA256

    ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c

  • SHA512

    0423f0665220fb11d054260604df5e1e8d0dfc1d3824cd32ea385a70cfbc540a3aa5c58052f5d8ffea2dfc28985dddf9e71f0ac13c7ffe9dc90f6753d95af357

  • SSDEEP

    49152:4iCrJIy7f+t3spvOqA9Ymd0AFu7FCSxwm:4iTy7yc1OqA8+u7FpV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.exe
    "C:\Users\Admin\AppData\Local\Temp\ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Users\Admin\AppData\Local\Temp\is-1GERI.tmp\ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1GERI.tmp\ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.tmp" /SL5="$4010A,1293211,746496,C:\Users\Admin\AppData\Local\Temp\ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2268

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-1GERI.tmp\ebab0de98f07f25b3a6e984eff5e397d875c52c1cf761749d7f562d97a65254c.tmp
          Filesize

          3.0MB

          MD5

          d0c0822356cbf0aafef8ad7aa52a4c10

          SHA1

          468ccb287518bed27c390b3883379d7d0c2179e3

          SHA256

          8681595f8ed85cf611ef9a993f3a3eca793e435d7105bb628a3e33503b64583c

          SHA512

          8181fa384aa2d3b36d40522fc71e91ce55aaca44a976d62fd0fcdc31c61e61ceb55c78876d3874c8dc23c8ace6abf198dfb24eb0a3738ee6beda0511bdd5069e

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-PUCJ7.tmp\_isetup\_isdecmp.dll
          Filesize

          28KB

          MD5

          077cb4461a2767383b317eb0c50f5f13

          SHA1

          584e64f1d162398b7f377ce55a6b5740379c4282

          SHA256

          8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

          SHA512

          b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

          Download Submit

        • memory/1900-2-0x0000000000401000-0x00000000004A8000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1900-0-0x0000000000400000-0x00000000004C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1900-13-0x0000000000400000-0x00000000004C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/2268-9-0x0000000000400000-0x0000000000702000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/2268-14-0x0000000000400000-0x0000000000702000-memory.dmp

          Filesize

          3.0MB

          Download