Overview

overview

7

Static

static

3

main/main.exe

windows7-x64

7

main/main.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    23s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main/main.exe

  • Size

    15.0MB

  • MD5

    91343df0f3ab8ad17d4ca181fec56fe5

  • SHA1

    739a49d839e7c151a7bb4e38be7a61d89f77d892

  • SHA256

    f29faf86946c32e32779b24d8073e84e7f2240c0ae933fbabe2b51a0ca5b087f

  • SHA512

    7a29ed9a2c0d8913c59612a502bbd9a0e693392ebf98a185fa960df642b41ed6073c90f77236f64aeca5689569895efbee79a1fe0dcbaf9a71f0fb7295bddfa1

  • SSDEEP

    196608:KW9vGu/EtMw/wAcLFGb9R+kt8fxT5J1cT68B7ltO8M6txGKGEII4P/cciSRwtxUR:n1GIEmw/HtED+DYuXXE/qSMUtN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main\main.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Users\Admin\AppData\Local\Temp\onefile_2732_133701233554526000\main.exe
      "C:\Users\Admin\AppData\Local\Temp\main\main.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2732_133701233554526000\python311.dll
    Filesize

    5.5MB

    MD5

    387bb2c1e40bde1517f06b46313766be

    SHA1

    601f83ef61c7699652dec17edd5a45d6c20786c4

    SHA256

    0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

    SHA512

    521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2732_133701233554526000\main.exe
    Filesize

    24.5MB

    MD5

    5786ab70dc7a14d4206a6c7ded3d11bd

    SHA1

    b1048d336c9b27822c27dfd6f47989a888bfa4f2

    SHA256

    e8ac7e593b6986dfe29e2d24c312efee7262a388f0a3cf69ff2d38679df7f8e5

    SHA512

    40c78a7361fd8b328131ecbe07bc1aaf9799534c892fcf548b4641140cbb40db3af1743aa005c73ee345e696f2f2ad4043c8a3c64122bfaa7b8de8a69846e33f

    Download Submit