Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 01:34

General

  • Target

    339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f.exe

  • Size

    35.2MB

  • MD5

    9a67ac2d8113e86a3699f49c485d345a

  • SHA1

    59f7ae082bd9893286f549bd6dac033ffcf014b1

  • SHA256

    339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f

  • SHA512

    c5e667019dfac64838fd660b396d3c2b1806922f449ffcddfd2e5e3dbdd0c1759d6fcfb14834faecbc45ad895685f20afe6bf2a41adf18715be46ee8a8a0dd1d

  • SSDEEP

    393216:4RVXO3hEg5/JudPsRwyCpcyCpY1hhD2l3qcTKLbrGh3k6aBeA0K:KJshfBudPV3c3gkqcTKLbrGhZVA5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f.exe
    "C:\Users\Admin\AppData\Local\Temp\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f.exe"
    • Loads dropped DLL
    PID:2752

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\Google.Protobuf.dll

    Filesize

    388KB

    MD5

    97b00cf7ae2658051d74cb009e33932b

    SHA1

    58fc889f50c0fd41b1e80533585f44896697f7bc

    SHA256

    c32e70cfd3abfb2c2381a434f57b5616da6c7dcd8457d2f7db1de0d53646e2a1

    SHA512

    eda206adc6630cc2e5b677635ef7f1e5696a1b6ddc531dd746e91a9e4cf6b28875ede684369295a1d0a3ba346f9989f4e85e459498ba6bebfe53fb89f2400db5

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\Microsoft.Win32.Primitives.dll

    Filesize

    7KB

    MD5

    07b0d8d5562b3b60f5b78cf80b08cc84

    SHA1

    d4760c390aff85493fa5f17cc74a92324e66c550

    SHA256

    801a02e48db21fe906f2c5bdd7954f112b3ce95180e56d298e5f20e6031d5635

    SHA512

    ca904d1a674b4a6fda69812f1d860e37f0144b4f6afb58e60755a9db542b3461e23498313122810ed031e3fd214e5393fe4928b61c418c535bb7b5275bc29f0c

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\RWDWrapper.dll

    Filesize

    140KB

    MD5

    747a286b7840142cc73ff5c88959a7b1

    SHA1

    0c74fbdb3d1b0b650de0f7991ee4656ea588bb93

    SHA256

    f1abb17ca825223cc3897ff6064734e4c2c8441f755c8cbde1e0a6ae53c96283

    SHA512

    38e80937f38c1c48051118ce0fe7c0bfe604711c67c6274da7f198589cdaa1b6af6dd1f9299d141d6313fb3d29567c0b84f960014535bfb34b789558a37d6d20

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\RWDetectCore.dll

    Filesize

    250KB

    MD5

    3064153155ea16efe2871a77e3be99b1

    SHA1

    1e6742472153b7bef92a0e747792e22f182d8af5

    SHA256

    ae52e40224029b2abb4369a842ff8533951af5bbf8c0b991874a4685498bc27d

    SHA512

    291d223de434c361aaa211133314df597558561c4c002e7f92e47babb0dcbe606fec384a30228b9f46b01153930997f219e78920cb0def5a1def758183154444

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.ComponentModel.Primitives.dll

    Filesize

    21KB

    MD5

    1bfae4eb268780ee5ffd12279051f165

    SHA1

    46cee1b14a0f6e9c420355085204c6c5112223fc

    SHA256

    d5663d4ef35bc38218d7b77b7f03c5c836c3abf712e3f6413c0945d458f6d730

    SHA512

    67643b7e8f9f62a17dda98811448104d578a68fcd30864c0cb60f8f2dd0b0d27cbc34a3d35c4f4e14f3ddbf5debd8f65a09a367836d7cddc489de78540ef7677

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.Console.dll

    Filesize

    61KB

    MD5

    b09cdfc0323c18af2fc00cb792bef5f9

    SHA1

    a549e835a5a418bb7a706b9538d26dce20d93fd6

    SHA256

    306275d797992b656ac6ffa87b1b36f9b0df9f0fc35e8f39aa9330d77dba95dc

    SHA512

    0a250de2cef4f99fae033b319466b5e207f87891a541adfff5e6b0f99768044ed87e4ba48c2d4ec2a431d91af360556b040a828735929124571c824609985c99

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.Diagnostics.Process.dll

    Filesize

    103KB

    MD5

    b90ff9e9d2ec177ce1cbe54eb1224271

    SHA1

    f893adfbc6f81efb5b16b1bed2aff06e2c18a2a7

    SHA256

    d6d57ef90d2c5bb32880add8510bbabacd909cdecc428776d68b7d5e0011a549

    SHA512

    1cc247d30c1ffb7322fe12d2dc532d3dd12e4fc2c4d52a8abd5c4d8ef255a5ae3956df45478576b563bc9c46f5df2ec4d06896d9308c0828b67e9796dece0ab5

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.IO.FileSystem.dll

    Filesize

    84KB

    MD5

    9551c111436c2ce7115c89b242b001a2

    SHA1

    b626e1365bd3238d9efbc2dc54acb127928ab3a4

    SHA256

    153fb51ac6e06d59ad78d77ef04e441157262bb8c6461549ebd79dd5b99faf56

    SHA512

    11c864f43dfb3e744585ea44b986936c1b154991885bb8d35c66f2019653b7a5efc4e2422c668a0b6f9e97a67f97844a3d0f319246613388d7a09fc339100c0e

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.Private.CoreLib.dll

    Filesize

    8.3MB

    MD5

    2bd785b7910d92aaa4c74aa67d3ab0d0

    SHA1

    39eb8f690f000da61c86cd2a3a44379d70165906

    SHA256

    b39ce8db3a0202160533d868dffbb6295fbe4e4f0191cc99566a41a232f1de33

    SHA512

    3fc0856764fdcc92c5b531fed738f2a2649561a222a015da523e4ee4a5e6c86e1947e1a468ae1f8674582ae2960ebd7eaa2821cfab7a9d02e76858e5f72e5dec

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.Security.Claims.dll

    Filesize

    38KB

    MD5

    915966dbd840fcc73ab2405bb18e271c

    SHA1

    0b52c45fb707b4276822166e26837da58d514b9b

    SHA256

    4b53f524266f19ee6caa250170aaf74ddbd56c1a5f0e8e77cc22f2cca45dee77

    SHA512

    34230f6e0a9cc7fde186ef63bdc65c70f90e5ffe52840fafdbde640585b171f744886a81c7248e5f8e8d0d39ee8a0196092d7cedc1e8b5322cf31804e19dd1c5

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.Security.Principal.Windows.dll

    Filesize

    70KB

    MD5

    e7e5c665e277876f1da001bc0b8fd29f

    SHA1

    2834285442131c4ead130983c623c36c07ffd4ee

    SHA256

    6ab14f9e5465679eb1eaf8fc6d60da0e6b83953e916d44fedbb7a669a1dd2e6f

    SHA512

    df2eaf5d81ddaa710eec4ef1906c82fdb5e7900c12a0c8e146f1f1992cc9b7c952c507926232ebf4c7c95dbec0e1f57c7dd6daff2353856315e36ea3ab8d85ef

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\System.Security.Principal.dll

    Filesize

    14KB

    MD5

    9677d4c2ef1b96413bc7450546a32117

    SHA1

    c495a8f361efc271c701affe769f71aad72012f2

    SHA256

    55667d06c50f9578688d3442f0806271d21709068e0522519602b9c9923cec50

    SHA512

    3cd5a555c845aa324d98b30d227d54ce7685ebaecd122f495c5ecff47ba102d5ad74b259345fe2a72c8c9d047451f7b2819a4884e5cc606b54e31f0df848f804

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\api-ms-win-crt-utility-l1-1-0.dll

    Filesize

    18KB

    MD5

    70e9104e743069b573ca12a3cd87ec33

    SHA1

    4290755b6a49212b2e969200e7a088d1713b84a2

    SHA256

    7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95

    SHA512

    e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\clrjit.dll

    Filesize

    1.1MB

    MD5

    27789a18fdcb4a187ee5eefd437ff148

    SHA1

    f54a6bbac13d4718a2a184a154b43d67dd5d0e34

    SHA256

    02c9cfd7d8e2ac05848b5babf5f1b1f814974fe4c76f78fa7fd2028d60f4920b

    SHA512

    68f07c6e0bd366d32f3eee9614a8a10430300a466d8a6c1228fb8aca30a3cf3b09d8c92d29946041abfe0aa1a237a99d780fd88faa5921548b517dc339f06a13

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\coreclr.dll

    Filesize

    4.1MB

    MD5

    3865f4485c85711df1def0a34500435d

    SHA1

    39b2e834ed7cd230e6c2492f54e459ddec1b26ac

    SHA256

    87101d385993e908ce389d02ea678ec262699004fedf9312471dae9508b6d039

    SHA512

    cb3e1484bdbe8aa8059dd802dd30c4bc76322c90961bf7bfab88d96def40210eb9c5b2c9ac94177bba2e531538e308d1a33401b5f44e2d40c60c6db606699881

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\hostfxr.dll

    Filesize

    460KB

    MD5

    062130267f2b4578371730049cdb3019

    SHA1

    7e5c6148ea73ac6183ab1a35ba66b05c267199de

    SHA256

    eca52750458735e777da61d34ed9a647afc363ad45eecae3828d0de841c8357e

    SHA512

    f34f6d871d8f1aed28aee3869f19c8017e3a54ee0240546ffb2f98353dfe7161d9eb2f43c672dcca61dfd128421131de60aa808a0c865368885900f6094a6cb5

  • \Users\Admin\AppData\Local\Temp\.net\339a5d73c9d79aa4453c61bb915a895bf8495c562937f19f22136caa61f8fd3f\qrbbwuin.lf4\hostpolicy.dll

    Filesize

    456KB

    MD5

    c5e6db8817401d455753c8545bb52629

    SHA1

    25fb83bd7253cba007fdb1221e5fb55e24b33d0f

    SHA256

    4fbf2e5ee0cad1b58a04ca39b1c02b081fc7c4fb640db03c93c35f3536438993

    SHA512

    e03963127e335668517033c177ad854c3baa3080182e3181cb91ffb6fe138ae9ee9e14ab8e14343c82d6394da89a48f5cae20b41016af61bb58df2320f722b6f

  • memory/2752-147-0x0000000074EAA000-0x0000000074EAB000-memory.dmp

    Filesize

    4KB