Overview

overview

7

Static

static

3

PPPOE095.exe

windows7-x64

7

PPPOE095.exe

windows10-2004-x64

7

使用说明.htm

windows7-x64

1

使用说明.htm

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PPPOE095.exe

  • Size

    126KB

  • MD5

    e3e3eaf898d672e48d0758e075daf0c3

  • SHA1

    384a7a741d539b887f99f2fae711037ee507cd0c

  • SHA256

    b4f5f2c6a7f2f05ec32279f623861bb5a6f7fbbac44696601d995c23e21be37f

  • SHA512

    0fdad5b535dcdd04a52070d80a94158cc8d92e282f99691e24875a420f6139e80d809f44f9f387422d4d470ce65e533ac7c3c8d8b84502436334549445e04c32

  • SSDEEP

    1536:SNsf9oCmhzvH9B646+x9/ebOOlRK/B0VSe8oN9JJGGQeHfpt05aGBe6:hZmhzPr64VenUB0VSLojJJGAHv1Gk6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PPPOE095.exe
    "C:\Users\Admin\AppData\Local\Temp\PPPOE095.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Users\Admin\AppData\Local\Temp\RSPE7BA5.TMP\RASPPPOE.EXE
      RASPPPOE.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\RSPE7BA5.TMP\RASPPPOE.EXE
    Filesize

    26KB

    MD5

    778102445ce21089b28ca9919c268b90

    SHA1

    2a7c65fbb43bfa6bb0972e81cda7f7fa42586559

    SHA256

    bbaa88b64e94b12386efcf7cb6346921960a174722cee40e59d97dad855ae7d2

    SHA512

    a63a77aa5f4ce83507c35724e40d12fc2b37e1be0002dda3b9f2eeec92302bd830dc222dda1b41863954ee1a237d5cfaa4446dc7fda70609ae4f361b86e6be45

    Download Submit