81aa4ac918be72376da37c679c7c748be250389be50740814bb7b48085ec17da

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cd6609c715ce715881be4e96a7684d0N.exe
Size

386KB
MD5

0cd6609c715ce715881be4e96a7684d0
SHA1

1f292b7d1a99ad8219bba32ae5afe109f4b44122
SHA256

81aa4ac918be72376da37c679c7c748be250389be50740814bb7b48085ec17da
SHA512

4407a9d78f71f4f6e01bcc108241066897a75196f5024534d3bc022cb22f0c804f311b480a1678edf5b076b8a817a11fc0b29dd24d30bbb798917988b8c197b8
SSDEEP

6144:uRgtpldHfDWPknI7tRr6DdRhLXWakJRUUr+BMqKllHKAzo+pO7HHAWQUI:GGfDWPkIBRr6DhLkbiBfClHrzo+6H1I

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
760	setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2156	0cd6609c715ce715881be4e96a7684d0N.exe
760	setup.exe
760	setup.exe
760	setup.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
760	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28
PID 2156 wrote to memory of 760	2156	0cd6609c715ce715881be4e96a7684d0N.exe	28

C:\Users\Admin\AppData\Local\Temp\0cd6609c715ce715881be4e96a7684d0N.exe
"C:\Users\Admin\AppData\Local\Temp\0cd6609c715ce715881be4e96a7684d0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\difBD47.tmp

Filesize
803B

MD5
ced1ff393d8ca449f85b1a123fadda46

SHA1
fe48a058287256af124f44e5627abd53da9a34bf

SHA256
4138878464d2d0b13d9b4bbc98a51c00327bdd0fa3537784e6bf072809c8e4fe

SHA512
7849ee48e53f0ca890aa6353962afc604c4726bcd3711f815f2d7c62b24a4f1a09462840500ed51b222dad012196b5a6b2a0b3a98a27abb22458719796c1f3cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\data.pck

Filesize
345KB

MD5
a9e61ee985ebf5db9351663ab8a1bfe4

SHA1
ac7cc946428329d1c6810de1c33d045329ee214e

SHA256
f9bbaa1aaa5108a676f2343934b3217882cf18a24b5673349df2e5a7e48bcdd8

SHA512
4645105769ed16eec35fb9b1f051c912280cdcf8ca8b42070bba396e76051371ee4f13f929030d66f17cfaeb6e3bd75f6e0f83dbf32aa3984d048d256bc42600

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\index.scr

Filesize
803B

MD5
1596efec54de129ca5aa1f96cdc53afe

SHA1
59148fdb0642f17d1889ac85fa5e381469b8d50e

SHA256
9d154d97181a9aa86169ccbc5a198ae5353c1e740ea214a21ac7491507585285

SHA512
fe300b060028b6a05cac67cc274f74cd77621db85e18fc8ad47e4941bf9ac9bbf04b4dca075018431c9374d515093c742852009f7ebcdfe8c6952e2589199608

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\link.dat

Filesize
25B

MD5
3255bb4f6dc60283e25bb5fb10237944

SHA1
a130fa0e36f135999a7a9d4927bb14b5ed7bf5fa

SHA256
59a0be4469d7b767592c71fc4a6613baa05becef9d2e59c5bcb5e1ad3945eb3b

SHA512
1acdd615820fedb4c998a97a1209e0e53080479b196b9c49d80490fcb5dd5413154dc5a8c6026fe148da29b9ae51bc9db8c518d62f2f85f0c01bb59c666a4d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\pbin.da_

Filesize
183KB

MD5
955f6b3c0e21fb7ce8f9bfe4c76b56f6

SHA1
36d75bdbdad859dee17ce023cabf2ce92b3b0cda

SHA256
c8a0d3caa52f7eac5ae021db03b13e9e6dfb4ccda03cec5a852e417ff2b2076f

SHA512
4740796d363509c0b9eab816a4d870c7a5c14b06a4eb2dd0dbec08e00c179d53f848f0723e5491c176fa6533346ac25399520a3d44fe8672753d5039333e95ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\puzzle.pzl

Filesize
118KB

MD5
75c03d93672d44d3125dbe279c3798af

SHA1
6ec087e33229a663f623d26a95372c31e063ac89

SHA256
4671210647ba46c0446fb6ba167d0272d6ccb9a65b1e02f0c5ee1db406d5267e

SHA512
655cdae2bf991eb643c15b7416bbfd1d07d862580059598042b2e929ed5a0b4cfcddae4feef9d77d62b9b079e613327a08664dd285ec883832a7d004ced4c845

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\lang.ini

Filesize
10KB

MD5
cedfd1c79c51b026a3f87794150a5039

SHA1
d373440a1f2fd8581861d7b7090085c5484b6087

SHA256
ba5ef58a17d91c7f8f39d2da9e841a162c806269e6f2bb4b689a8e9b1d0a9a80

SHA512
f48718440741fbcd80cf5b764c20629f82a527e260cb31297d40cdce22e7c3ceaac69077dc54a87767a7eac2bc826fb8f9743273049d52b0891819a089808ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\skin.ini

Filesize
1KB

MD5
393a22419b84a1219194cd6542a23c93

SHA1
f480bbfb8009844782366a3dec2ad23266dc48bc

SHA256
c46fe077a9206c75b2a6068dd6929c09df9bc616adb3caf7f1443a90f0276468

SHA512
beadbda583bf63e31a247ddcea59d7033f6cfd385e6d6bf3fc3884855ddf4b04d05f1d739f36a19319263951605bdfc00a4cc11380d978ffe2b28d4c3d35bee4

Download Submit
\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
304KB

MD5
b250fbbcea02a085273633f534c869c6

SHA1
a6e0881a4d5d30127a4a19d65510076cc221382b

SHA256
a8310c8bc3c4ee9a361f52e6e443778988ce7d640ec5abf45b063ce918f342e3

SHA512
7e87c51867856ab50c3141b67bc7b27ef8ca685c25baf6f60b8ba7312be2788fa31d28dc1d9cf163df9a897fb71da237bddda8b3adb97c66b1391fe8d67a1a8d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads