Overview

overview

7

Static

static

3

crack/crack.exe

windows7-x64

1

crack/crack.exe

windows10-2004-x64

1

ecmerge-1....32.exe

windows7-x64

7

ecmerge-1....32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2024 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ecmerge-1.2.34.win32.exe

  • Size

    3.9MB

  • MD5

    a5cd7a73982e0dfbd2c99cbb0b6aa2c4

  • SHA1

    fb695b7c0f39944a4b1e5d60265ba5ad6b138869

  • SHA256

    f49fe28609b59fa318c8da59f2d14f6bd502dcdbe4e2527a89f4b062ad14fedd

  • SHA512

    07fd979dd540836bd406202c3cc4086931dcb8963c6a78d485015607af4c195557f25f49066292e992642c124a6ada09ea48f9988e51c9ec9fccc0b9c4529dbb

  • SSDEEP

    98304:UdqwuwE9xPulysV/xoLva9SIEUi+SUfvC2YG6uLpvcarWTrY6:cVSUMsYLvayaaylLSaQc6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecmerge-1.2.34.win32.exe
    "C:\Users\Admin\AppData\Local\Temp\ecmerge-1.2.34.win32.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Users\Admin\AppData\Local\Temp\is-O2LCT.tmp\is-Q584P.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O2LCT.tmp\is-Q584P.tmp" /SL4 $801EE "C:\Users\Admin\AppData\Local\Temp\ecmerge-1.2.34.win32.exe" 3843776 62464
      2⤵
      • Executes dropped EXE
      PID:4920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-O2LCT.tmp\is-Q584P.tmp
    Filesize

    653KB

    MD5

    e037eb045e554e3fe42d4f7273adc1f9

    SHA1

    447ba7cebf16ca115fa25441c859709c2d907f77

    SHA256

    27a3cdeebe6be2a11af39986119c05e00b4c8e7773989db7c9f9e4439d5b77b3

    SHA512

    c0b3d9cbfe29128e9c8ecd89a103f88e179b5bf8b16edf664470371041c7316fc834d2193af08e829e6945482816635ec989336f1d07e2c2ba1e80cfc1baefa4

    Download Submit

  • memory/960-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/960-2-0x0000000000401000-0x000000000040A000-memory.dmp

    Filesize

    36KB

    Download

  • memory/960-12-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4920-7-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/4920-13-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download