Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-09-2024 01:16

General

  • Target

    50f9e6cca7d09a8e75615634e0e497fcca48069df7f243060f6c30e91de514a0.exe

  • Size

    69KB

  • MD5

    390a3755dcdb75b85b597244edd1914a

  • SHA1

    dd70e1f0c9442d23f66b6a4224448728c6b84183

  • SHA256

    50f9e6cca7d09a8e75615634e0e497fcca48069df7f243060f6c30e91de514a0

  • SHA512

    bc0366513b6ca66bd9ebeb2739c54a97939fc35f7cd2d74bf076ff93bf5b274f9cb7efc69f9deaeb5f2e896c322071fd57817ad6b2fe830fa8ad540a26ba001e

  • SSDEEP

    768:7zrvRTYS4YxeO7ZD4SrcIuMHuOt79NguEdC+1986wzy7crreZAaf8Ic8vprE54Gf:7zx/oOfr9ltc19v6reZDf8Ic85E5Zf

Score
10/10

Malware Config

Signatures

  • Detects Latrodectus 2 IoCs

    Detects Latrodectus v1.4.

  • Latrodectus loader

    Latrodectus is a loader written in C++.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\50f9e6cca7d09a8e75615634e0e497fcca48069df7f243060f6c30e91de514a0.exe
    "C:\Users\Admin\AppData\Local\Temp\50f9e6cca7d09a8e75615634e0e497fcca48069df7f243060f6c30e91de514a0.exe"
    PID:1928
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Roaming\Custom_update\Update_d63db7da.exe
      "C:\Users\Admin\AppData\Roaming\Custom_update\Update_d63db7da.exe"
      PID:2400
      • Executes dropped EXE
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1928 -s 256
      PID:540

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Roaming\Custom_update\Update_d63db7da.exe

    Filesize
    69KB

    MD5
    390a3755dcdb75b85b597244edd1914a

    SHA1
    dd70e1f0c9442d23f66b6a4224448728c6b84183

    SHA256
    50f9e6cca7d09a8e75615634e0e497fcca48069df7f243060f6c30e91de514a0

    SHA512
    bc0366513b6ca66bd9ebeb2739c54a97939fc35f7cd2d74bf076ff93bf5b274f9cb7efc69f9deaeb5f2e896c322071fd57817ad6b2fe830fa8ad540a26ba001e

  • memory/1928-8-0x000000013F4C0000-0x000000013F4D5000-memory.dmp

    Filesize
    84KB
