Overview

overview

7

Static

static

3

Unconfirme...67.rar

windows7-x64

3

Unconfirme...67.rar

windows10-2004-x64

3

ELB & SLAY...NU.exe

windows7-x64

7

ELB & SLAY...NU.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-07-2024 08:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ELB & SLAY MENU/ELB & SLAY MENU.exe

  • Size

    10.4MB

  • MD5

    f64784749f538b1ca5c898d75446e1f6

  • SHA1

    d6f078b7b89e4fbcb5569bb09c9bc9e1b2f0a230

  • SHA256

    efc4823131f459c5397874ff0c99a48e0ff4e3dba11a04893e7cab32ad647e09

  • SHA512

    52510d3d3220e53330ea3c8f2c6d2a5c975effbb2099154722c0bdbcfd8ac610ba57a92e7c31728d4bd333036f8b3678e7e80821a436c1eb2fd9e495016d9d60

  • SSDEEP

    196608:3e2ACZwED+90lkAtPYdkvZePo+VcxYi5MmEso0mGqw2gDQT/EGTIAp:33Aew4M0lnPPvZ2jcxyymVw2iQDEMIK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ELB & SLAY MENU\ELB & SLAY MENU.exe
    "C:\Users\Admin\AppData\Local\Temp\ELB & SLAY MENU\ELB & SLAY MENU.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3536
    • C:\Users\Admin\AppData\Local\Temp\is-SNOGL.tmp\ELB & SLAY MENU.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SNOGL.tmp\ELB & SLAY MENU.tmp" /SL5="$B0050,9928262,916992,C:\Users\Admin\AppData\Local\Temp\ELB & SLAY MENU\ELB & SLAY MENU.exe"
      2⤵
      • Executes dropped EXE
      PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-SNOGL.tmp\ELB & SLAY MENU.tmp
    Filesize

    3.0MB

    MD5

    a565946f9c6158884d96e12f67807a1b

    SHA1

    6d3eaf93cd7e405d7e907080e39d89ef4f37c6d6

    SHA256

    cb21bafd7d49ff64962bf9b95670b815ab2d6f6f7a967e4d958354ab293a0342

    SHA512

    c320864a3bb2226585cbac3eb9a159921ab74fcdfab1411a7fb83bdbf25401e148791fe1eef1fa52e21c46f426d0184acfd9410f80740b82f42d4f8cc5cb609c

    Download Submit

  • memory/556-6-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/556-9-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3536-0-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/3536-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/3536-8-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download