7bc13f007e056f037bbe7ca0f2fdf43dd319aea208b45c17bd624773aff8dea6

Analysis

max time kernel
146s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wS-0107-Tkr.exe
Size

55.1MB
MD5

23b030a776770af6b9bc7d2082f0e373
SHA1

270bc0b61ad764b98639bec7d4f2ce2fb7721b6c
SHA256

7bc13f007e056f037bbe7ca0f2fdf43dd319aea208b45c17bd624773aff8dea6
SHA512

877445a4eca6efb9cc5fa91e833f5342305da829dd28491973c039aae3eeb40d5bfeb0b2218d77bc1ebd4d9ac282c7cc637ee1112ae8f829f6840d4c638faf74
SSDEEP

6144:4LWOTHXMw0bZZd3K7z5GovfSZjSRxmdBsDOu:Tu3Z0bZzK7zZCZma

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2636	DEiShDTNpt³.exe

Loads dropped DLL 5 IoCs

pid	Process
2188	cmd.exe
2636	DEiShDTNpt³.exe
2636	DEiShDTNpt³.exe
2636	DEiShDTNpt³.exe
2636	DEiShDTNpt³.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 2188	800	wS-0107-Tkr.exe	28
PID 800 wrote to memory of 2188	800	wS-0107-Tkr.exe	28
PID 800 wrote to memory of 2188	800	wS-0107-Tkr.exe	28
PID 2188 wrote to memory of 2636	2188	cmd.exe	30
PID 2188 wrote to memory of 2636	2188	cmd.exe	30
PID 2188 wrote to memory of 2636	2188	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\wS-0107-Tkr.exe
"C:\Users\Admin\AppData\Local\Temp\wS-0107-Tkr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\ProgramData\YwqiKPftQOVa\DEiShDTNpt³.exe && exit
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\ProgramData\YwqiKPftQOVa\DEiShDTNpt³.exe
    C:\ProgramData\YwqiKPftQOVa\DEiShDTNpt³.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\YwqiKPftQOVa\DEiShDTNpt³.exe

Filesize
80KB

MD5
058eef946157b69ed5e51ada7575afb6

SHA1
45aaa639e7391a74f697265b4126a062981d866f

SHA256
040f24915ec39f1e978f325a9190a7e9c4521ee6faf860acf6eee13d796d6306

SHA512
5528eef32e2c3480eece4836fc98274dc4bb2f11b56a1b5f9c13e3fa70e8a2515bf2536b10f15672f648ae2ef9f750a161c014ae2f3e9fe452ef1439d6389c73

Download Submit
C:\ProgramData\YwqiKPftQOVa\Enscape.dll

Filesize
467KB

MD5
07faa82990bea23edcb8607bacb567ac

SHA1
472b4c7aa1d6464a8543b00e85af3b4bd6db9554

SHA256
55c44d1b852100ff6fb573ce3147939389f112dd1f5bbed11b8bee45476c46e7

SHA512
b70b3b498e4017d756a4177940bdb18df5614a9a57d2cf7dc6b74827f982bfdb51be581a4413c9514187a1ee5577caf99b2f70c7ede6b179ce00e8c2dd641214

Download Submit
C:\ProgramData\YwqiKPftQOVa\MSVCP140.dll

Filesize
580KB

MD5
e5943129c2b18a25cf77cf888844e5a1

SHA1
f3f5e32e33639b7b34c86759efe7fe15b08cb630

SHA256
0310893c2958a285382ddb19b94e7e654600acf94a75f5a363c844c52f2c5375

SHA512
71b894d7a4ffdb66af97c2453b99356f4ff306775428299c47a2af84023d994f1fd20af2950bc6aeaad5e2394b1b3b51905fbe82d800a2346b25a9d455a5ff5b

Download Submit
C:\ProgramData\YwqiKPftQOVa\VCRUNTIME140.dll

Filesize
101KB

MD5
4ffd50749cbbb87a400136bdb9d33334

SHA1
7711709d3cc2baf47f53a13effc1f25077e293e9

SHA256
a99be0c3e3abea781aba0ac6a3e075db2fbd60f58e94a322055cad4ef4d9ea31

SHA512
3cb98a1e2b1c43f9bc7901b5b72cc964cced02f881e5c8c73f33fa6d90ea8c4e6135c4a8d30c898dfafae761bf8e18012c2ccc0c2aba157cf70430ce186b1008

Download Submit
C:\ProgramData\YwqiKPftQOVa\VCRUNTIME140_1.dll

Filesize
45KB

MD5
48297142fd46e8c31176806ad5f9694b

SHA1
ec193380cd3bbf03e5c530e971dbab85acf13e1b

SHA256
01730a0f7bf179ef419d2d29e5e906583fd0c9f94905aa61b74eb8d82ed70eb8

SHA512
ee54bff14980473776f6103f51e2196fdfe4ca898ae19b47be44dd692e78f524ef01e036cc153924d9c58989ba720ed2a3deb6b6d1a2eeeab7baa8d612b870c7

Download Submit
C:\ProgramData\YwqiKPftQOVa\YkgUUaPQDk

Filesize
33KB

MD5
e2949d93c641a8f7d8040cead37649f0

SHA1
cf09be9b9549d4719b407baac0ae248dddecc606

SHA256
0903b2763109e563226965ea70d4ae4f57d49d5d13df50c29a70409c8972ea90

SHA512
74329cb829429b092d6a04909d1bd1d237f650b265abf562b307c28918d98921b947d29650769f7946e2eb27550cf7309057cb96a82b45e1e913b1e1f03d6aed

Download Submit
memory/2636-26-0x000007FEF5803000-0x000007FEF5804000-memory.dmp

Filesize
4KB

Download
memory/2636-27-0x0000000000150000-0x0000000000158000-memory.dmp

Filesize
32KB

Download
memory/2636-28-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2636-29-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2636-31-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2636-30-0x000007FEF5803000-0x000007FEF5804000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads