Overview

overview

7

Static

static

3

External.exe

windows7-x64

7

External.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 15:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    External.exe

  • Size

    10.3MB

  • MD5

    7d320a5d8423d9dc416970adfade2ee5

  • SHA1

    b99fc56c3f36c6a63a7008775f7d65b78d047eba

  • SHA256

    cda50f53bb85fca493d73810e5fa36f325d9d02abeb8fe8b4507d61d50d28178

  • SHA512

    f242c6f0c6639cd003c44aeef5710f1d629f1eef3ffcb77728b598df6eac6126b323de29307ad7b6b1ee2d090f3380ae50dfe3de0733197ff82c3e7c2a3242d8

  • SSDEEP

    196608:UWEk1CtNpVEo+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6+lm+iITxQmb6V:NEk1Ct/VEb2XMCHWUjAjx5WsqWxT9fTU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\External.exe
    "C:\Users\Admin\AppData\Local\Temp\External.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\External.exe
      "C:\Users\Admin\AppData\Local\Temp\External.exe"
      2⤵
      • Loads dropped DLL
      PID:2068
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3004

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI25202\python312.dll
          Filesize

          6.6MB

          MD5

          166cc2f997cba5fc011820e6b46e8ea7

          SHA1

          d6179213afea084f02566ea190202c752286ca1f

          SHA256

          c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

          SHA512

          49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

          Download Submit

        • memory/3004-129-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3004-130-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3004-131-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download