e68d23feaf21b116b0bdeb7c667f8fb547a58f53437dd9e3f9141b5afc6dddcd

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sfbrename-cli-1.0.0-win64/sfbrename.exe
Size

109KB
MD5

f7b36505c091d8cb6ebfa731fc39b740
SHA1

59e3746ce3e2faedf2bb96d8301877ebdd253c1e
SHA256

089f71aa1a2ca6c83ea2ec71061417817b23c23cb608cc7186d5fc41f8678766
SHA512

86fbea498d27ddf107be2b3e84980f92e97af3aeadc590450e967e39de028774fc11557b65d4ba9ee5f91941d4257d84cdfa3cf67d03276ab037b5f080c0102a
SSDEEP

3072:iw5VbBMODyPwZGzx+C9Yj0VWGhLEKM/Tg7SlyJEl9f:l5lq0gL8FyilJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 3064	2584	sfbrename.exe	31
PID 2584 wrote to memory of 3064	2584	sfbrename.exe	31
PID 2584 wrote to memory of 3064	2584	sfbrename.exe	31

C:\Users\Admin\AppData\Local\Temp\sfbrename-cli-1.0.0-win64\sfbrename.exe
"C:\Users\Admin\AppData\Local\Temp\sfbrename-cli-1.0.0-win64\sfbrename.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Users\Admin\AppData\Local\Temp\sfbrename-cli-1.0.0-win64\gdbus.exe
  "C:\Users\Admin\AppData\Local\Temp\sfbrename-cli-1.0.0-win64\gdbus.exe" _win32_run_session_bus
  2⤵
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.dbus-keyrings\org_gtk_gdbus_general

Filesize
78B

MD5
5fd3a29112cfaf549c8163c9bf59619b

SHA1
10e9b5545f2fcbac76cc34ec20172e5d4a6e98eb

SHA256
7ce8cc4d2feda47059429c61f5e4c79efd64c1cdf4257e238db984b9d4e962fd

SHA512
558e8a2db95abf8bd6b2b5f1f69e257e36a9a9a4e647d5405cbf1f30a1cffa0b9cf61b634712cd07b3f3a6582425a91b00337255d6892788e2c228fc81917677

Download Submit
C:\Users\Admin\AppData\Local\Temp\gdbus-nonce-file-XSDST2

Filesize
16B

MD5
a77329f938130934e49d616da3c8bc0e

SHA1
168870971c809ed5a8d3bc75660e722440ff8d14

SHA256
f017354ed566a02420bd78bfc8ec63d78c6d0ef198f198cb42e3c0112cdcb317

SHA512
2311518f34f453cc76ef9251e75f800b7e18e8747be568c7942f1213a769c0489a1a3c66705819fd0cfd4150589622396b43ac593ef1b0a4c4cd185b57009625

Download Submit
memory/2584-8-0x000007FEF72D0000-0x000007FEF73E9000-memory.dmp

Filesize
1.1MB

Download
memory/2584-7-0x000007FEFAE00000-0x000007FEFAE28000-memory.dmp

Filesize
160KB

Download
memory/2584-12-0x000007FEFBF20000-0x000007FEFBF2F000-memory.dmp

Filesize
60KB

Download
memory/2584-11-0x000007FEF7280000-0x000007FEF72CD000-memory.dmp

Filesize
308KB

Download
memory/2584-10-0x000007FEF6D80000-0x000007FEF6ECF000-memory.dmp

Filesize
1.3MB

Download
memory/2584-9-0x000007FEF8410000-0x000007FEF8434000-memory.dmp

Filesize
144KB

Download
memory/2584-14-0x000007FEFBF10000-0x000007FEFBF20000-memory.dmp

Filesize
64KB

Download
memory/2584-13-0x000007FEF6D20000-0x000007FEF6D77000-memory.dmp

Filesize
348KB

Download
memory/2584-6-0x000007FEF7860000-0x000007FEF7A04000-memory.dmp

Filesize
1.6MB

Download
memory/2584-5-0x000000013F140000-0x000000013F163000-memory.dmp

Filesize
140KB

Download
memory/3064-23-0x000007FEF6D20000-0x000007FEF6D77000-memory.dmp

Filesize
348KB

Download
memory/3064-20-0x000007FEF6D80000-0x000007FEF6ECF000-memory.dmp

Filesize
1.3MB

Download
memory/3064-18-0x000007FEF7860000-0x000007FEF7A04000-memory.dmp

Filesize
1.6MB

Download
memory/3064-17-0x000007FEF72D0000-0x000007FEF73E9000-memory.dmp

Filesize
1.1MB

Download
memory/3064-16-0x000007FEFAE00000-0x000007FEFAE28000-memory.dmp

Filesize
160KB

Download
memory/3064-15-0x000000013F680000-0x000000013F695000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads