Overview

overview

8

Static

static

3

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

trichlorom...te.bat

windows7-x64

1

trichlorom...te.bat

windows10-2004-x64

1

trichlorom...DL.dll

windows7-x64

1

trichlorom...DL.dll

windows10-2004-x64

1

trichlorom...-4.dll

windows7-x64

3

trichlorom...-4.dll

windows10-2004-x64

3

trichlorom...mu.exe

windows7-x64

1

trichlorom...mu.exe

windows10-2004-x64

1

trichlorom...ss.exe

windows7-x64

1

trichlorom...ss.exe

windows10-2004-x64

1

trichlorom...sm.exe

windows7-x64

1

trichlorom...sm.exe

windows10-2004-x64

1

trichlorom...in.exe

windows7-x64

7

trichlorom...in.exe

windows10-2004-x64

7

trichlorom...bin.py

windows7-x64

3

trichlorom...bin.py

windows10-2004-x64

3

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    130s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/QEMU/libcurl-4.dll

  • Size

    295KB

  • MD5

    baae54b1157b4c9587cceb4680b13da5

  • SHA1

    939642b482d3e7697cec88d11aebc07bb076c2d1

  • SHA256

    cde6e2b58641afd108ae2606337a71775021127a6109d6d64eadb056ca4598b7

  • SHA512

    433f411f740bb2978a47776fa856874717531985ca3bfbf17cb2f6d1e106585132a7a90ef7b803a10f1293aaad63f2264ee8a8aea2806593d6944e189e0ff813

  • SSDEEP

    6144:wK0GMvBI/QtKUbp9pDKRCzKuGpHTBI9yAR17rRH:wKEvB7Ke9pDXgHTdm7dH

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe-Malware-main\trichloromethane\PayloadMBR\Programs\QEMU\libcurl-4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe-Malware-main\trichloromethane\PayloadMBR\Programs\QEMU\libcurl-4.dll,#1
      2⤵
        PID:1392
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 620
          3⤵
          • Program crash
          PID:4908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1392 -ip 1392
      1⤵
        PID:5044
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
        1⤵
          PID:4604

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1392-0-0x0000000070800000-0x0000000070840000-memory.dmp

          Filesize

          256KB

          Download