Overview

overview

7

Static

static

3

5f2f5fb941...90.exe

windows7-x64

7

5f2f5fb941...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.exe

  • Size

    1.6MB

  • MD5

    31987d67a66655975912932ae0bdef4f

  • SHA1

    35647ead056464b3f93580c5f096dcf6a5ef8a4f

  • SHA256

    5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290

  • SHA512

    157c3048b4c49432a8d819cde081d21402ed20047a07b16c4fb916df0625151d4f205321c4a17951078b8928cbf8b428d0b906d7766b2c122c24f160ab6dec76

  • SSDEEP

    24576:bmfiul/z3Jc10qkVEmUBtE7P5yRG65ZGaiwPw97AbaC0tiQ6WK6oAyLLvX2ovHCv:uiCrJIy7BqG65967DCU+WcGovHHZc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.exe
    "C:\Users\Admin\AppData\Local\Temp\5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Users\Admin\AppData\Local\Temp\is-CG0SJ.tmp\5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-CG0SJ.tmp\5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.tmp" /SL5="$30130,855256,729600,C:\Users\Admin\AppData\Local\Temp\5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-09TH1.tmp\_isetup\_isdecmp.dll
    Filesize

    28KB

    MD5

    077cb4461a2767383b317eb0c50f5f13

    SHA1

    584e64f1d162398b7f377ce55a6b5740379c4282

    SHA256

    8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

    SHA512

    b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-CG0SJ.tmp\5f2f5fb941f984bf653488a0fa0f526aff474607b581dfb1320d3a3913533290.tmp
    Filesize

    2.9MB

    MD5

    bcca51b93682f25f0b2a86d7eb17c674

    SHA1

    dde33e04dea1153ae2a1c7e0e35d5741b71aa212

    SHA256

    5239482dfa411be60c6c22acf3af19ac3c3852dc2cbead90062917d128dca271

    SHA512

    f0fcf7772937b79183ab7496ace7c35e7ab548f8128f7e4a6b9d59a35f641958df433a21aef05a5179120d0688afe27a5ba21826b495aa4a34526027874497d7

    Download Submit

  • memory/1748-2-0x0000000000401000-0x00000000004A8000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1748-0-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/1748-13-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2056-12-0x0000000000400000-0x00000000006FE000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2056-14-0x0000000000400000-0x00000000006FE000-memory.dmp

    Filesize

    3.0MB

    Download