Analysis
Max time kernel: 21s
Max time network: 16s
Platform: windows7_x64
Resource: win7-20240729-en
Resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
Submitted: 09-11-2024 07:54
Static task: static1
Behavioral task: behavioral1
  Sample: 8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe
  Resource: win10v2004-20241007-en
General
Target: 8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe
Size: 11.3MB
MD5: 72049d7eaee465534cd12e5d10feb00a
SHA1: de32b95447e9eb39890060b1009afeded3fd057c
SHA256: 8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014
SHA512: 4e98e0079af1da81c47b4c8c1f62d3e05c003eac1a2f3948a37be492aa4a7aba61352bf5da3ecc688af181efce2f0728434e61a2808b99e112827142583b9a24
SSDEEP: 196608:sqw1S3tU5FbqOjlPOH6/B5ppJ6AGCwnabJge/Vspg0pi5HSOQjLAoQiA9K0mZ1dF:aFbqOtm6VpJTbGe/zR5yLPAoQius5cqJ
Malware Config
Signatures
-
Executes dropped EXE (3 IoCs)
  PID   Process
  2280  stub.exe
  2888  stub.exe
  1388  Process not Found
-
Loads dropped DLL (3 IoCs)
  PID   Process
  2684  8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe
  2280  stub.exe
  2888  stub.exe
-
  Resource                                                                     YARA rule
  behavioral1/files/0x000500000001a4c7-59.dat                                  upx
  behavioral1/memory/2888-61-0x000007FEF6350000-0x000007FEF6938000-memory.dmp  upx
-
Detects Pyinstaller (1 IoC)
  Resource                                     YARA rule
  behavioral1/files/0x00080000000175ae-9.dat   pyinstaller
-
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory (6 IoCs)
  Description                        PID   Process                                                                 Target PID
  PID 2684 wrote to memory of 2280   2684  8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe   31
  PID 2684 wrote to memory of 2280   2684  8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe   31
  PID 2684 wrote to memory of 2280   2684  8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe   31
  PID 2280 wrote to memory of 2888   2280  stub.exe                                                                32
  PID 2280 wrote to memory of 2888   2280  stub.exe                                                                32
  PID 2280 wrote to memory of 2888   2280  stub.exe                                                                32
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8d5a5ce35aa44311752bb0dca781c3618f4ef904a5f603891d0ddbb45a035014.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2684
   2. C:\Users\Admin\AppData\Local\Temp\RarSFX0\stub.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\RarSFX0\stub.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      PID: 2280
      3. C:\Users\Admin\AppData\Local\Temp\RarSFX0\stub.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\RarSFX0\stub.exe"
         - Executes dropped EXE
         - Loads dropped DLL
         PID: 2888
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 10.9MB
MD5: f2325513cec3a9a2ae5c3613b7c8604a
SHA1: 51f54f9a39edada9fab81e630ac62b04f74427b9
SHA256: 9f21637ec3141fb9d107cb73af85b5079435b0dc1acb5b0fa989fb03916f87cb
SHA512: ad1985865cb31081c3fbf24c57ce2cfa4b3b31b9db3cfde45e25b252162c25a31dabe464fdcbe96042d6ee3e3508e937bec838f6a8a91cbeddbdd45479afa17c
-
Filesize: 1.6MB
MD5: db09c9bbec6134db1766d369c339a0a1
SHA1: c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b
SHA256: b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79
SHA512: 653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45