Analysis

- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 20-06-2024 18:34
Behavioral task: behavioral1
- Sample: 9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe
- Resource: win10v2004-20240508-en
General

- Target: 9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe
- Size: 72.9MB
- MD5: cfd1558fd24236712a03d60cc94aa02e
- SHA1: f37da01783982b7b305996a23f8951693eb78f72
- SHA256: 9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c
- SHA512: 17b94007bad5190fe8f401db483523a66285bf29a890f88b3a8555e272397c5571c88fcdf6cd03509f89d0c0d914f784bae502e7adb9fa06d1bdb1a65d5e057c
- SSDEEP: 1572864:VUQpj29GSk8IpG7V+VPhqIpE7WmjRMkiY4MHHLeqPNLtD4WviZpOkV6:VUq+GSkB05awITmdMfMHVLtMuiSQ6
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)

  Processes:

  pid  | Process
  -----|--------------------------------------------------------------------------
  2040 | 9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe

  (seven DLL loads recorded, all by PID 2040, the child process)

- Matches yara rule upx (2 IoCs)

  Processes:

  resource                                                                       | yara_rule
  -------------------------------------------------------------------------------|----------
  behavioral1/files/0x000500000001c8aa-1229.dat                                  | upx
  behavioral1/memory/2040-1231-0x000007FEF5C00000-0x000007FEF606E000-memory.dmp  | upx

  (the rule fires both on a dropped file and on a memory region mapped in PID 2040)

- Suspicious use of WriteProcessMemory (3 IoCs)

  Processes:

  description                       | pid  | Process                                                                  | procid_target
  ----------------------------------|------|--------------------------------------------------------------------------|--------------
  PID 2928 wrote to memory of 2040  | 2928 | 9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe     | 28

  (three identical writes recorded, parent PID 2928 into child PID 2040)
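The three signatures above describe one pattern: the sample relaunches its own image as a child (PID 2928 spawns PID 2040), writes into the child's memory, and the child then loads DLLs that the sample itself dropped under %TEMP%. The script below re-derives the first and third signatures from a process/file event trace. It is an added example, not the sandbox's own signature engine; the event records, their field names ("event", "pid", "target_pid", "path") and the DLL file names are constructed for this example and are not taken from the report, which does not name the dropped DLLs.

```python
"""Re-derive 'Loads dropped DLL' and the self-spawn WriteProcessMemory pattern
from a process/file event trace.  Added example; the trace below is
constructed to mirror the report (parent 2928 -> child 2040, same image),
and the DLL names are hypothetical."""

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe")
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed event trace (hypothetical DLL names; schema is this example's own).
EVENTS = [
    {"event": "process_create", "pid": 2928, "ppid": 1, "image": SAMPLE},
    {"event": "process_create", "pid": 2040, "ppid": 2928, "image": SAMPLE},
    {"event": "write_process_memory", "pid": 2928, "target_pid": 2040},
    {"event": "file_create", "pid": 2928, "path": TEMP + r"\dropped_a.dll"},
    {"event": "file_create", "pid": 2928, "path": TEMP + r"\dropped_b.dll"},
    {"event": "image_load", "pid": 2040, "path": TEMP + r"\dropped_a.dll"},
    {"event": "image_load", "pid": 2040, "path": TEMP + r"\dropped_b.dll"},
    # A system DLL load: must NOT be flagged, it was never dropped by the sample.
    {"event": "image_load", "pid": 2040, "path": r"C:\Windows\System32\kernel32.dll"},
]


def process_tree(events):
    """Map pid -> (ppid, image) from process_create events."""
    return {e["pid"]: (e["ppid"], e["image"])
            for e in events if e["event"] == "process_create"}


def tree_pids(events, root_pid):
    """All pids in the process tree rooted at root_pid (root included)."""
    tree = process_tree(events)
    members = {root_pid}
    changed = True
    while changed:
        changed = False
        for pid, (ppid, _) in tree.items():
            if ppid in members and pid not in members:
                members.add(pid)
                changed = True
    return members


def loads_dropped_dll(events, root_pid):
    """'Loads dropped DLL': an image_load whose path was file_create'd earlier
    by a process in the same tree.  Returns [(loader_pid, path), ...]."""
    members = tree_pids(events, root_pid)
    dropped = set()
    hits = []
    for e in events:  # order matters: the drop must precede the load
        if e["event"] == "file_create" and e["pid"] in members:
            dropped.add(e["path"].lower())
        elif (e["event"] == "image_load" and e["pid"] in members
              and e["path"].lower() in dropped):
            hits.append((e["pid"], e["path"]))
    return hits


def self_spawn_memory_writes(events):
    """WriteProcessMemory narrowed to the pattern in this report: a parent
    writing into a child that runs the same image (a self-relaunching loader
    stub).  Returns [(parent_pid, child_pid), ...]."""
    tree = process_tree(events)
    hits = []
    for e in events:
        if e["event"] != "write_process_memory":
            continue
        src, dst = e["pid"], e["target_pid"]
        if (src in tree and dst in tree and tree[dst][0] == src
                and tree[dst][1].lower() == tree[src][1].lower()):
            hits.append((src, dst))
    return hits


def signatures(events, root_pid):
    """Both checks as a name -> list-of-IoCs dict, mirroring the report layout."""
    return {
        "loads_dropped_dll": loads_dropped_dll(events, root_pid),
        "self_spawn_writeprocessmemory": self_spawn_memory_writes(events),
    }


if __name__ == "__main__":
    for name, hits in signatures(EVENTS, 2928).items():
        print(f"{name}: {len(hits)} IoCs")
        for hit in hits:
            print("   ", hit)
```

The "loads dropped DLL" check deliberately keys on the process tree rather than on a single PID: in this report the parent drops the files and the child loads them, so a per-process check would miss the match. The self-spawn check is stricter than the generic WriteProcessMemory signature; loosen the image comparison if you want every cross-process write, at the cost of more noise from installers and debuggers.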
Processes

1. C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe"
   PID: 2928
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe (child of PID 2928)
      Command line: "C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe"
      PID: 2040
      - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 11KB
  MD5: 765a243d3a24dc86b832edf0cb5bf6e1
  SHA1: 86dbf2de0617d9589cd7f2f2507fbdab7c5c922a
  SHA256: 76c6d607491705e6fdff250c7ca1e7ce1709565786895dc1fb0b28f4782e5dec
  SHA512: 0e9b401b22fe5e0757789971ef1f47c1ecab173011ab065330beff5c6b91d5ab29afed984f5ff115ce0605e537281a23ac501454a9a46fae625a8eda8c11d6b3

- Filesize: 11KB
  MD5: be64a8905c905581884c987c60f02de0
  SHA1: 204330902966b5b19552d058c228163a0e425d64
  SHA256: fcd3b845010c0caddfa78722c95570bfdccff7770b48c2caa0f4872bfdff6bb1
  SHA512: de15220bb4f62e3cd3490b06cf1e52be7a675ebc7f1a5e6b3f3ebe3e069e0b19f1a3fa3fe51c17eee7752abeebf923faec59c2343fd7dfe0da86754caea09d8d

- Filesize: 14KB
  MD5: 5e5b3246910237da716c8b189dc740fd
  SHA1: acd1b12a7a5463f2212ba50a1af563073f3eb7aa
  SHA256: ca3adc575bc0dd928b5e2b84a254783dbd36a5f18e8b42034407543fbacc2a52
  SHA512: e92ebad3b2b39ce04e983cbe4f75d2b6dd26f6f8288cf5c57e24bcbb5fa2e4b59a6dccfaf3c3510b9d1f9e45f430bfdc7994b67c4a2f46211d0e6531fdc34a78

- Filesize: 12KB
  MD5: 9e7441ef965b380b75b82a1c9cd3884e
  SHA1: 274bcfe166f2bd0e62fb3d8f64b7adfa04963f5f
  SHA256: 8ea398785960e5fa143b97a333e60f9466b4f7f94f5dd173c02a2aa628d00c2f
  SHA512: efe08a8211e0e9381bc8749bd2d20558431495ba82685ed91b65deebda10ad8d455014ccc762d94361cc2f801315d46b9da31aba7fea87503f95db4a09112e7a

- Filesize: 12KB
  MD5: b83d28b1babea99ee95d5e81ea61fb1c
  SHA1: f4d492ece484e75b5cdcf680f8c8280b1ae52118
  SHA256: baca05368d3adc7769be8687280a45ac3d72141cfd3d7e67453749ca70320e1e
  SHA512: dfaf105ac537337e7ad00931c5fc44994f45537b5bacb9036c95a555b879de9d63ea19d19987b262413d205244fafa5e09d7db9568af5796eb9eb6f54421e0a3

- Filesize: 1.4MB
  MD5: d53251f4484a0092b00b9451423a5e38
  SHA1: 0e15a558ec6ae369147ae07a828c0f9d68dceabe
  SHA256: 9e1dc8da1ed1d0aeacf2b636bd20704d683d0ff15ac0be0c16616a247a9c070b
  SHA512: ef9ce3c61d2f4b128eb092e9ae32c4433994aa7ba6f6a25e59c2cbd7afb35155becf8941a8c13e17a57902b7bb5022c06bc1dc5e8ccc1c47d22dbe8c39037649

- Filesize: 986KB
  MD5: f7409ff2f0ea3a7b6a18709d4fda563a
  SHA1: 902eea6263811f6866d2a1df4d3bd7686083d221
  SHA256: a56ee0ddc5120538cd7cb2073657b3a0d95cfa202712b2079a5a8d5052594b2a
  SHA512: e600160c11e17c69d0fca8999290bd84d8afe748f77fe91c708a7136c976bb85cd16f60905fccb045c7ead7032af3778feb6ed21b687a82f4a7da698333dfa4a
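The Signatures section records the yara rule upx matching one dropped file and a memory region mapped in PID 2040, and the downloads above are the dropped artifacts a triager would want to check statically before unpacking. The script below implements the two indicators a typical UPX rule keys on, section names starting with UPX (UPX0/UPX1) and the "UPX!" stamp the UPX stub leaves in the image, using a minimal PE section-table parser. It is an added example, not the sandbox's rule or the sample's code; the PE images it runs on are constructed in memory, and the report does not say which of the listed files is the upx match.

```python
"""Static UPX indicator check on PE images.  Added example, not the sandbox's
yara rule.  Parses the COFF section table directly so it needs no third-party
module; the fixtures built by build_pe() are constructed, not the sample's
files."""
import struct

PE_SIG_OFFSET = 0x3C        # e_lfanew (offset of "PE\0\0") lives here in the DOS header
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def section_names(data: bytes):
    """Return the section names of a PE image, or [] if data is not a PE."""
    if len(data) < PE_SIG_OFFSET + 4 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, PE_SIG_OFFSET)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(nsections):
        off = table + i * SECTION_HEADER_SIZE
        if off + 8 > len(data):          # truncated section table
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes):
    """Which UPX markers are present: packer section names and the 'UPX!' stamp."""
    names = section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_stamp": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """True if either indicator fires; a renamed-section UPX build still trips
    on the stamp, a stripped stamp still trips on the section names."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_stamp"]


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE with the given section names (test fixture only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (PE_SIG_OFFSET - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xF0                    # dummy PE32+ optional header, size 0xF0
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x2022)
    table = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos + b"PE\0\0" + coff + opt + table + trailer


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"], b"\0UPX!\0")
    plain = build_pe([".text", ".data", ".rsrc"])
    for label, blob in (("constructed upx image", packed), ("constructed plain image", plain)):
        print(label, section_names(blob), upx_indicators(blob), is_upx_packed(blob))
```

To run it over the report's artifacts, pass open(path, "rb").read() for each file recovered from %TEMP% and for the 2040-1231 memory dump; the dump matched because the packed DLL was still mapped with its original headers. A positive result only tells you the packer, not the payload: unpack (upx -d works on unmodified UPX, and fails loudly on a tampered stub) and hash the result before comparing it with anything.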