3d362b120c197f0fa7a2acac0318b49ed67ea1ed4aa3dfac34b213e02f7606ed | Triage

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 01:47

Sharing

Report Analysis Logs

General

Target

PPPOE095.exe
Size

126KB
MD5

e3e3eaf898d672e48d0758e075daf0c3
SHA1

384a7a741d539b887f99f2fae711037ee507cd0c
SHA256

b4f5f2c6a7f2f05ec32279f623861bb5a6f7fbbac44696601d995c23e21be37f
SHA512

0fdad5b535dcdd04a52070d80a94158cc8d92e282f99691e24875a420f6139e80d809f44f9f387422d4d470ce65e533ac7c3c8d8b84502436334549445e04c32
SSDEEP

1536:SNsf9oCmhzvH9B646+x9/ebOOlRK/B0VSe8oN9JJGGQeHfpt05aGBe6:hZmhzPr64VenUB0VSLojJJGAHv1Gk6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1096	RASPPPOE.EXE

Loads dropped DLL 4 IoCs

pid	Process
1468	PPPOE095.exe
1096	RASPPPOE.EXE
1096	RASPPPOE.EXE
1096	RASPPPOE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28
PID 1468 wrote to memory of 1096	1468	PPPOE095.exe	28

C:\Users\Admin\AppData\Local\Temp\PPPOE095.exe
"C:\Users\Admin\AppData\Local\Temp\PPPOE095.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Local\Temp\RSPE7BA5.TMP\RASPPPOE.EXE
  RASPPPOE.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\RSPE7BA5.TMP\RASPPPOE.EXE

Filesize
26KB

MD5
778102445ce21089b28ca9919c268b90

SHA1
2a7c65fbb43bfa6bb0972e81cda7f7fa42586559

SHA256
bbaa88b64e94b12386efcf7cb6346921960a174722cee40e59d97dad855ae7d2

SHA512
a63a77aa5f4ce83507c35724e40d12fc2b37e1be0002dda3b9f2eeec92302bd830dc222dda1b41863954ee1a237d5cfaa4446dc7fda70609ae4f361b86e6be45

Download Submit