fbb5302b06f7e6824ecdaf59162f3a08557cac0efe6b40b4502eab60ecd04d82

Resubmissions

13/06/2024, 20:46

240613-zkd4nazcpd 6

13/06/2024, 20:42

240613-zgzwystdpn 6

Analysis

max time kernel
1191s
max time network
842s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f_0051d6.exe
Size

3.2MB
MD5

13ca60d73776b420ada5cc15848f8dfb
SHA1

22bece82795e9c60d76c19f22f777f3b19af10d8
SHA256

fbb5302b06f7e6824ecdaf59162f3a08557cac0efe6b40b4502eab60ecd04d82
SHA512

7074d3fb777563a94dde036cab647cfc72c115e140343ec25f6921a5689b4d381b60012dfa0fb2b1ea17621ff90ca4c225cd3f2e71c1a6bab935c33610f4dafc
SSDEEP

98304:VSiRz+JwCh4p8zdpHzEugKdTHvjgJLTiH7BUB:3zI48v1r1EsY

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1692	f_0051d6.tmp

Loads dropped DLL 2 IoCs

pid	Process
1632	f_0051d6.exe
1692	f_0051d6.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1692	f_0051d6.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28
PID 1632 wrote to memory of 1692	1632	f_0051d6.exe	28

C:\Users\Admin\AppData\Local\Temp\f_0051d6.exe
"C:\Users\Admin\AppData\Local\Temp\f_0051d6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Users\Admin\AppData\Local\Temp\is-QVULN.tmp\f_0051d6.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QVULN.tmp\f_0051d6.tmp" /SL5="$30144,2484196,893952,C:\Users\Admin\AppData\Local\Temp\f_0051d6.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-04G9E.tmp\Win32Library.dll

Filesize
46KB

MD5
564f2dfb6bef1f47798dfb5d182232f0

SHA1
290a5ad705a85e7fb26efcdc5374cd39738ad242

SHA256
671fb4649ddd8428c7f6fd1e14b30fd4735efbbb8c142e2662e157d87f96c9c0

SHA512
492091b1ecb0e36f3d01a7b6d516d836224966dc6e8ec9bcdc2254d252f9530c9b9b45ac10d5216761d557cda2454e3d53060b42e55f6a95631baca29199926b

Download Submit
\Users\Admin\AppData\Local\Temp\is-QVULN.tmp\f_0051d6.tmp

Filesize
3.0MB

MD5
5c6dc4f810bf08224a748763e915d294

SHA1
57e9256e9aeaafd45e4bdc8461f5fcb73f65302e

SHA256
44f80edcbb47c543b362916340af40e5e0f5fa38c1c17713af1ab463d1389e9d

SHA512
8a834ad640ea17ff74d4956d968fe4f5dc657f8fe152eaab778363b2d301733eca2ae01227e20ed9ed88b9eaabe2914a1e388ecea214effdce6725dd28164a15

Download Submit
memory/1632-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1632-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1632-17-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1692-9-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1692-18-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1692-20-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1692-22-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1692-24-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download