Overview

overview

10

Static

static

10

win7/runtime.exe

windows7-x64

10

win7/runtime.exe

windows10-2004-x64

10

win7/win5.exe

windows7-x64

7

win7/win5.exe

windows10-2004-x64

7

win7/win6.exe

windows7-x64

7

win7/win6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    18-06-2024 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    win7/win6.exe

  • Size

    8.5MB

  • MD5

    54da1e18625df8635098673f7910ef0a

  • SHA1

    a7093de871853b6b2ee0a506dc2e40d56f2b2cea

  • SHA256

    0ec75e29acf2a905f1061e1c051bd34ef6ba01e216f8cf0f43db983eb0e6d5a4

  • SHA512

    1d50dc05bd4e74fbf19bf492ba35111af75167d7822ba866e6557b8fa3090795c990b7ce1fa3a88cba9e315b51b8212fa6e32fcd9ffc1514f007f30d8fa2820f

  • SSDEEP

    196608:3ZpWwkjiVXF4ckmkXnVFPQ/WQ9pQeHSXhLZmftMbjUFrNWk:3FVV41lFPpQ9GdxMftMbjkN5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\win7\win6.exe
    "C:\Users\Admin\AppData\Local\Temp\win7\win6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\onefile_2176_133632102186730000\main.exe
      "C:\Users\Admin\AppData\Local\Temp\win7\win6.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3032

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2176_133632102186730000\python310.dll
    Filesize

    4.3MB

    MD5

    63a1fa9259a35eaeac04174cecb90048

    SHA1

    0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

    SHA256

    14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

    SHA512

    896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

    Download Submit
  • \Users\Admin\AppData\Local\Temp\onefile_2176_133632102186730000\main.exe
    Filesize

    12.5MB

    MD5

    677a4308b447726c114cabae725f8cb0

    SHA1

    440ac32a073a81a5afd1c695fb55b6df5f8813d2

    SHA256

    9be96084ae3f0f51038b6061a33f74acc16aaf02f3f6061f9170295f4b11900d

    SHA512

    a4826acecb86d38de53330ee623d396f73a018039e45849e4b37c8a9f44c60c1de65fdde0dc215e42f5fde1bd624bef640e94b98dd4ea7f12e200c39f4677618

    Download Submit
  • memory/2176-111-0x000000013FAD0000-0x0000000140362000-memory.dmp
    Filesize

    8.6MB

    Download
  • memory/3032-58-0x000000013FFE0000-0x0000000140C8A000-memory.dmp
    Filesize

    12.7MB

    Download