Overview
overview
10Static
static
1008751be484...2d.dll
windows7-x64
1008751be484...2d.dll
windows10-2004-x64
100a9f79abd4...51.exe
windows7-x64
30a9f79abd4...51.exe
windows10-2004-x64
30di3x.exe
windows7-x64
100di3x.exe
windows10-2004-x64
102019-09-02...10.exe
windows7-x64
102019-09-02...10.exe
windows10-2004-x64
102c01b00772...eb.exe
windows7-x64
102c01b00772...eb.exe
windows10-2004-x64
1031.exe
windows7-x64
1031.exe
windows10-2004-x64
103DMark 11 ...on.exe
windows7-x64
13DMark 11 ...on.exe
windows10-2004-x64
142f9729255...61.exe
windows7-x64
1042f9729255...61.exe
windows10-2004-x64
105da0116af4...18.exe
windows7-x64
75da0116af4...18.exe
windows10-2004-x64
769c56d12ed...6b.exe
windows7-x64
1069c56d12ed...6b.exe
windows10-2004-x64
10905d572f23...50.exe
windows7-x64
10905d572f23...50.exe
windows10-2004-x64
10948340be97...54.exe
windows7-x64
10948340be97...54.exe
windows10-2004-x64
1095560f1a46...f9.dll
windows7-x64
195560f1a46...f9.dll
windows10-2004-x64
5Archive.zi...3e.exe
windows7-x64
8Archive.zi...3e.exe
windows10-2004-x64
8[email protected]
windows7-x64
4[email protected]
windows10-2004-x64
4[email protected]
windows7-x64
1[email protected]
windows10-2004-x64
1Resubmissions
03-07-2024 22:59
240703-2yn7wszhlp 1003-07-2024 16:13
240703-tn93lsyglf 1003-07-2024 16:11
240703-tm84xsyfma 1010-05-2024 16:25
240510-tw1h5shh47 1024-08-2023 11:16
230824-nda8msdf8z 10Analysis
-
max time kernel
141s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
03-07-2024 16:11
Static task
static1
Behavioral task
behavioral1
Sample
08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
0di3x.exe
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
0di3x.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
2019-09-02_22-41-10.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
2019-09-02_22-41-10.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
31.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
31.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
3DMark 11 Advanced Edition.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
3DMark 11 Advanced Edition.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
42f972925508a82236e8533567487761.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
42f972925508a82236e8533567487761.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe
Resource
win7-20240419-en
Behavioral task
behavioral22
Sample
905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
Archive.zip__ccacaxs2tbz2t6ob3e.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Archive.zip__ccacaxs2tbz2t6ob3e.exe
Resource
win10v2004-20240508-en
General
-
Target
Archive.zip__ccacaxs2tbz2t6ob3e.exe
-
Size
430KB
-
MD5
a3cab1a43ff58b41f61f8ea32319386b
-
SHA1
94689e1a9e1503f1082b23e6d5984d4587f3b9ec
-
SHA256
005d3b2b78fa134092a43e53112e5c8518f14cf66e57e6a3cc723219120baba6
-
SHA512
8f084a866c608833c3bf95b528927d9c05e8d4afcd8a52c3434d45c8ba8220c25d2f09e00aade708bbbc83b4edea60baf826750c529e8e9e05b1242c56d0198d
-
SSDEEP
6144:vU9Q9tD5WuDQa4t3BMgLkzvCOnYxcEaSAOPou8BWinO8DR:8Q9tD5WyQlBBVAnYxRhr8DR
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
pid Process 3652 7C73.tmp.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 13 iplogger.org 15 iplogger.org -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 22 ip-api.com -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4756 wrote to memory of 3652 4756 Archive.zip__ccacaxs2tbz2t6ob3e.exe 80 PID 4756 wrote to memory of 3652 4756 Archive.zip__ccacaxs2tbz2t6ob3e.exe 80 PID 4756 wrote to memory of 3652 4756 Archive.zip__ccacaxs2tbz2t6ob3e.exe 80
Processes
-
C:\Users\Admin\AppData\Local\Temp\Archive.zip__ccacaxs2tbz2t6ob3e.exe"C:\Users\Admin\AppData\Local\Temp\Archive.zip__ccacaxs2tbz2t6ob3e.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4756 -
C:\Users\Admin\AppData\Local\Temp\7C73.tmp.exeC:\Users\Admin\AppData\Local\Temp\7C73.tmp.exe2⤵
- Executes dropped EXE
PID:3652
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
149KB
MD5060404f288040959694844afbd102966
SHA1e0525e9ef6713fd7f269a669335ce3ddaab4b6a1
SHA25640517e822f3442a2f389a50e905f40a6a2c4930077c865e3ea7b1929405f760a
SHA512ddf8c53e1e1888084fa5422f297cc3ba9d97f7576c36f6b633ce67ca789127f7e259e9fb374fcbced66f883dadde0717d81ecce9776770bf07d8cf3b94b1a43f