Analysis
-
max time kernel
19s -
max time network
22s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
08/08/2024, 13:20
General
-
Target
n.exe
-
Size
6.9MB
-
MD5
1251c279a23ec082eb1c1323ac49be8c
-
SHA1
d3ec2d6fe22be8971c0167f42a860d2f088ed801
-
SHA256
16c5196de389e9c742a4f2d4a4310e12bfd2d95288cf273b4a5e1b57261f76ff
-
SHA512
b922681e8ac8ae505d04c470cb22784b30168c1c0fcfbde68f76f8371a827ed70c7624ae2394e66ae3ceb1258d50ddf1008a2752b62c8166691420d1297a0664
-
SSDEEP
196608:x/wTxwuLlA1HeT39IigJ1ncKOVVtk7ZZtQcNP+P:0qr1+TtIi00VQ/6Z
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\n.exe"C:\Users\Admin\AppData\Local\Temp\n.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\n.exe"C:\Users\Admin\AppData\Local\Temp\n.exe"2⤵
- Loads dropped DLL
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ResumeUnpublish.css1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB
MD5d521654d889666a0bc753320f071ef60
SHA15fd9b90c5d0527e53c199f94bad540c1e0985db6
SHA25621700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2
SHA5127a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3