Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
25-06-2024 01:40
Static task
static1
Behavioral task
behavioral1
Sample
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
Resource
win10v2004-20240508-en
General
-
Target
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
-
Size
36.5MB
-
MD5
0e12bdd2a8200d4c1f368750e2c87bfe
-
SHA1
6c8b533e2c7f6ebef027971c3a06f4c55ed64cfe
-
SHA256
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403
-
SHA512
909f15876f3a6cbe608eb53df4286927b013c45ff6acbc496a1590b9cc3fe47b1bb449ed45c3302f6d03cccb876cd2cc26f2b5e7c1ca4ff2d17dd4dee77bf75b
-
SSDEEP
393216:sYJEy4Te0rrigZ9BCbZPBKAgKBXSTzdOskYXXDeycerzHP+THt+/nDSpQg:sYJcrlZ9BGfg8XIJOkXXPCTV
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
pid process
2408 af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
1192 -
Loads dropped DLL 1 IoCs
Processes:
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
pid process
2888 af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
description | pid | process | target process
PID 2888 wrote to memory of 2408 | 2888 | af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe | af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
PID 2888 wrote to memory of 2408 | 2888 | af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe | af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
PID 2888 wrote to memory of 2408 | 2888 | af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe | af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe"C:\Users\Admin\AppData\Local\Temp\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403-c948b07bb1cd0a24\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe"C:\Users\Admin\AppData\Local\Temp\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403-c948b07bb1cd0a24\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403-c948b07bb1cd0a24\af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe
Filesize 41.6MB
MD5 312c3e03890f7d5242fe2158acabd4e8
SHA1 d148cf18f876b55c03f2718bfff321b7d6287f87
SHA256 6ac290f077cd4228dff7dc37a4c37e0a675207ad345543e8cd01008ce67ea751
SHA512 da0e5c199a7ab586a17dd7b74cc4b6727ac5c9efcb3397b45f8806a6418c20bfc7515804ca10e2a9c52b207b56f3a56c86e3c3be646ffe27f988c59b0bc66971