Overview

overview

7

Static

static

3

b807450310...0N.exe

windows7-x64

7

b807450310...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    100s
  • max time network
    110s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8074503101d730ed517d899dc59a8a0N.exe

  • Size

    81KB

  • MD5

    b8074503101d730ed517d899dc59a8a0

  • SHA1

    703cf456032e047cbe85db83f8a15427b9f2906c

  • SHA256

    a63a172cfaa9a940d5d0c2cf74e01c1553524a83ca3003b828a8d3083557d2f9

  • SHA512

    00f2de5b097c75d28be93a78a408cbc85520ce6878c0dcf12252d82ed2eb49809f82d8f1d4fbe3154adcda96339cf297ff8f13126ca18a48f2c0efc4880de4a0

  • SSDEEP

    1536:lU2Q/wyCcyp4OH5/PNP4h1d+gXk8kxYX14N0kHaSLWfUaupwNO+k+SWE:lUtw6Rh1d+g0xYX14N00aSsU5wO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8074503101d730ed517d899dc59a8a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8074503101d730ed517d899dc59a8a0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\murzuja.exe
      C:\Users\Admin\AppData\Local\Temp\murzuja.exe
      2⤵
      • Executes dropped EXE
      PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\murzuja.exe
    Filesize

    81KB

    MD5

    327890b8c6f7b72d63b78c472515e6b1

    SHA1

    50b81e790620f46098bb9aa2c3ac9ad672afd43b

    SHA256

    a2f9257195439389eaaabc66948fbfc4e8788248b60f6b2ec807d88d23f76653

    SHA512

    51dcfb548c08cf4834ade6ee82ad9ce4036f61f06cfde67f59e26edd47b5a008f43105233dfe3772034c4cc44acc7b91a868d671a8a15559a6e91f3f6744fec3

    Download Submit

  • memory/2232-1-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2240-7-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download