Analysis
max time kernel
28s
max time network
29s
platform
windows7_x64
resource
win7-20240220-en
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted
19-06-2024 09:57
Behavioral task
behavioral1
Sample
Market.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Market.exe
Resource
win10v2004-20240508-en
Errors
General
Target
Market.exe
Size
27.7MB
MD5
7b11552b13a8ed047ec3433707a3887e
SHA1
00dc61322b27ba76244ee65c817407afe2ebfaec
SHA256
97c0762a9ab97a8395f87afe0a55b5fe6ba20e4cad5d2be3704ab7b8dd4f19fd
SHA512
fb3a22db7e4b152b42b49b811811ec0a455a288b6b528535f82367e8fbb783f2a3f3a18c1f7968fae652c681cd08b8430dbab65825c3619a568335e74d80cb22
SSDEEP
786432:nRFd0f1QtIJ2j6+s7LWB75zuPNwX3ILe5qW80hlyJr:HOdiIJ2qHWB75iVwXGecW7l
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes:
Market.exe
pid | process
2620 | Market.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
Market.exe
description | pid | process | target process
PID 1724 wrote to memory of 2620 | 1724 | Market.exe | Market.exe
PID 1724 wrote to memory of 2620 | 1724 | Market.exe | Market.exe
PID 1724 wrote to memory of 2620 | 1724 | Market.exe | Market.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Market.exe
"C:\Users\Admin\AppData\Local\Temp\Market.exe"
PID: 1724
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\Market.exe
    "C:\Users\Admin\AppData\Local\Temp\Market.exe"
    PID: 2620
    - Loads dropped DLL
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
PID: 2852
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
PID: 1316
Network
MITRE ATT&CK Matrix
Downloads
Filesize
6.7MB
MD5
550288a078dffc3430c08da888e70810
SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f
SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d
SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723