Overview

overview

3

Static

static

3

Client.exe

windows7-x64

1

Client.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    131s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 20:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Client.exe

  • Size

    253KB

  • MD5

    f7bea0ecab72f62723c2557d52dd56ed

  • SHA1

    d1b0d1fd02c7192e03163de4dd66095a39b49076

  • SHA256

    446f2ae338368abe954d2417fbd953c371a6e8787c2f2236a1b399fb55846e48

  • SHA512

    1489bcffdcfe5ad147639d0eceb4242d6dd7095be9f1dfe89e80a6c1c46fee076c0f299e21addc75a526d6fe11c5a16c4ca403de10e8dfcfdaeec2af28a5c909

  • SSDEEP

    6144:WHgnPV2KM6IN+Sq9e6VlWT8b9axsyqbk9Rbzock:yUlzPVle8P3QFoc

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client.exe
    "C:\Users\Admin\AppData\Local\Temp\Client.exe"
    1⤵
      PID:2576
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8
      1⤵
        PID:1936
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:3812

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\Desktop\ConvertFromImport.nfo
                Filesize

                702KB

                MD5

                bbbb350aad1679bac7d9f3a2147c4567

                SHA1

                db1fae9f33238b38cd17f151fa52f4613ef2fe1e

                SHA256

                ad5a3d4450afd641063662410444d3b5d68d3e882e8611adbfdce8ccce98b09c

                SHA512

                83c1a11c99499ea1188388713f913764d8e1ad6342081b27d1d7f6eb309ddce384137d7f69a95c3da970c21cb9db564c44848c7ffd04e1d6542cfce4e88612e7

                Download Submit

              • C:\Users\Admin\Desktop\CopyConfirm.wdp
                Filesize

                293KB

                MD5

                da7221b282346bed5f8ea28c07b919f7

                SHA1

                7d57ad14d8297a816687474f603fccab031bca16

                SHA256

                f691cb3c141379cd3dc555d0ab32f16f3b0c12b89ea00f2883281f489c89e0d0

                SHA512

                59ae038ac1a9f7f310b9dac58c478df34077c4bba58349f4a91d4dde81c5e5bd9c95592dcea1c50ed3eb99e019c7d38510c27fa3b82bd558d957b5aba2c26fe6

                Download Submit

              • C:\Users\Admin\Desktop\DismountConnect.exe
                Filesize

                523KB

                MD5

                3492ec445581d872ce7c2cd796df8a92

                SHA1

                f062ea6e24155c3047596609bb4c8613db4d90c6

                SHA256

                c9b351fa5e8c81bab43f55f659b25c4ca824afcff87e71accdb9d4c5642f7ff8

                SHA512

                7f0a9ccfe202f7304381de84c8f9ee1174103ffbb937b04029db4f8d874766e7b6308f9fba415be8a4d44310e2f2e6b5016663b306645ac53096e21b0760c550

                Download Submit

              • C:\Users\Admin\Desktop\DismountSend.eps
                Filesize

                344KB

                MD5

                990207df73f65ec357468d0992d40aa2

                SHA1

                2ededf6e6dfe32d11aebaad717a78ddbb6bc7cee

                SHA256

                2be54a7f0caab76a0ec037dd4bd3ee3d90af4cb6c21c8639dd926b71674e50fc

                SHA512

                cb63d9f1f47e8c6ef521d1066ec32d49623af1675697282778f63a2d5eb904d48068a78d570e07ea5c26168b9796da60749d44f9bd11295254ffbe00442f7e3e

                Download Submit

              • C:\Users\Admin\Desktop\JoinComplete.vssx
                Filesize

                574KB

                MD5

                4ae9d20a1af0e363ada172c6254c6b04

                SHA1

                e3ccc6d5e4277278d34ca19cb2fb52c12f381e69

                SHA256

                21cb1751484b94e71394c9605513cb94103e1a292c34786f21d0e991d7508ebd

                SHA512

                a4f7f610ea3915c48b5a16ae84fbd1a508bdc52f304befb0c31caabcd371015018e876a82c0d569dc90cfcc193ca82b6f9cc811d7b1fe35d49d391c88c854c3a

                Download Submit

              • C:\Users\Admin\Desktop\MoveCheckpoint.bmp
                Filesize

                446KB

                MD5

                5a46a65906c612fbcbe8a194d5803053

                SHA1

                2fc7a1781df876d9cdbeaca1b90fb868124a0e93

                SHA256

                8a2f9d21121dd5cd8799dcec4db60766093128332ea51d5a8b7baf5184559996

                SHA512

                d51461560b7c51275b04664bb6d9978c7d4f1e0e9bc1a77887bdde83599652e3a9bb9c8bd1e208a8bcde703aefb343d8e67b58c0b806e2a2aaac14af95625542

                Download Submit

              • C:\Users\Admin\Desktop\ResizeGet.tiff
                Filesize

                1.0MB

                MD5

                7d69d213e70a19493a3fbcc3ddee6065

                SHA1

                b2574b46b50b28562600964f2a7875fdfce27404

                SHA256

                7ad1e254852855e51d04f759025b3e78f59039510e1bc577c36a7f2630157021

                SHA512

                fa73789eccc6088f5327ee09eb369e1dfa4f9e1112c38e1cbf04ec23890a7c750df30f60e5c89fa39cabad81710c9332d95fe3263ae2126df52b80b880b738c4

                Download Submit

              • C:\Users\Admin\Desktop\RevokeClose.mp2
                Filesize

                395KB

                MD5

                edaa59ba7fc1dcf95e57ea14bf6ad4e4

                SHA1

                a15e730ff4aecad2ed1912ec70dc893c59bf2e0b

                SHA256

                cb96852515ee65732338d618987fbdbafb72d633124bae003cd9e2c6b4adadd6

                SHA512

                9fa0d8f0315f96e993625eb27cffe31d453b1e2f8f742da0219c887b5e4435086020c44d62846d34009f69c660e73bfd3b10350d4e997d18254b3e6d454f3263

                Download Submit

              • C:\Users\Admin\Desktop\StepReceive.vstm
                Filesize

                651KB

                MD5

                1ed70140f2af3321ce381286d55869e1

                SHA1

                613ab33866f35e1e8e92f91e709266d416c4ea4f

                SHA256

                09fa310501a2cddd8b5e66bf9909fd1da3a11c37910ab2dc7b920f42cc5a01eb

                SHA512

                a26b3d588d0441f6849048122675cfafdc231254acb5a7df79615a9c0fd583a6e247227f01916808979205e351efa1454e0543d8e1f8054c17dffdfee161083d

                Download Submit

              • C:\Users\Admin\Desktop\SuspendCompare.odp
                Filesize

                600KB

                MD5

                3839f601545c2818ef96833cadb53519

                SHA1

                860a516adf9901a3eca3549aa477f0f902fd661f

                SHA256

                7ce235db8d10bf758e3fa0a84db68b27c0e8f8221bb87b0a051c010355d66ede

                SHA512

                321fde88ed28e17e04631dbd39d451612db313347fdc4bbb74e9bdc0053db9d51a046a745cbcb66773053c68b02bdb6448bea1baa69625af62447bd9546030e8

                Download Submit

              • C:\Users\Admin\Desktop\TraceMove.htm
                Filesize

                421KB

                MD5

                7fd45ddf1520a9314a877a95ffdf24f5

                SHA1

                de647711abd6f03c7a97636733afbfdc88a0e116

                SHA256

                b41b0df02ba20b0506cb309296d01a7ec013d57ed6ca982d6d73f83342e0e42f

                SHA512

                0482e780df827f72ae54a1480cab20dcb1265beb27f5d04c649bbeb0160d45a0714b37050ba5ad480180d3a090dac94397f0cd624cc23d5cdbf4808887b12ff7

                Download Submit

              • C:\Users\Admin\Desktop\UndoStop.shtml
                Filesize

                625KB

                MD5

                f55f3f5b447159cf0c3c1140271d9b93

                SHA1

                46267349553b3e83b903d0ffdcabc211d4de3864

                SHA256

                27c94e685e6fde9202388c9a291ef13e391078c05e95339319203f1390374c25

                SHA512

                42ac5b4d5c7c6369b679af9cd6bdca68afd6d768e7ec61f0312afd700de9b2e104f08efd6b925b0caa5754a5a715329082ef4a780170f7cbf16c51d1cbcfdca4

                Download Submit

              • C:\Users\Admin\Desktop\UpdateSkip.jpeg
                Filesize

                268KB

                MD5

                f91969117a948fd4d4613b87d7c878b8

                SHA1

                4e82a24404c293c5d4a013e68b9c38e1ec944f37

                SHA256

                56df12f9d3bb3d90e2ba09b0e41a72b42e4a33598241177bdf87151bb2b8b9b0

                SHA512

                37f30525a0a19039321c9768c8ad0ae69df68e89d4ac6a8a3a7e7d91e4bc26e70ec1fe4dc3022f566192e7cbf6539fcad152d7793906abbcced3c3e908933851

                Download Submit

              • C:\Users\Admin\Desktop\WaitConfirm.snd
                Filesize

                472KB

                MD5

                a4d6d90c9fc55216f7de5146ab80252d

                SHA1

                d618a771a42f13a413c7a615fe3342c04f2b0114

                SHA256

                840841296e87b561cf1c731ad166e23ac6781900f8b0f80ad2fa345df4a65140

                SHA512

                fc4825ec4d28f979e98b3bf29412d13ffbe8fe2ee5ce147ef5510ca4352a94998b874bfee9126953478318420b60812e89a5f554a751f5853532f1be6f49a0c9

                Download Submit

              • memory/2576-1-0x00007FFAAC523000-0x00007FFAAC525000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2576-0-0x0000000000490000-0x00000000004D6000-memory.dmp

                Filesize

                280KB

                Download