Overview

overview

10

Static

static

3

Insta乗っ取り.exe

windows7-x64

7

Insta乗っ取り.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Insta乗っ取り.exe

  • Size

    12.5MB

  • MD5

    fe794ef01fc95b216dca533b7ccc8b4c

  • SHA1

    07a5710f43b9e11c13d2ccc8f306c9385d7a9bae

  • SHA256

    48846a5cce72fc0e5e95b20502090054f058102713608f9645a655e8fc46c18d

  • SHA512

    134feb1e211223cd0fd00d575baaf2d5bc2d18be6ab8827df83a6ed12c8c05efee6cdf1c0798e3dfe0c459a114a2ceb4f09c445b31807129b2471aa69a82aa83

  • SSDEEP

    196608:39RVHK+t1R5TYzj8YmmR9hAlh6A5/qJIERkOknerjb6hJGJzYx07KyfBYcr:33VHgzjmmpxAlM1RnahJMYx07KyJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Insta乗っ取り.exe
    "C:\Users\Admin\AppData\Local\Temp\Insta乗っ取り.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Users\Admin\AppData\Local\Temp\onefile_2392_133770880973702000\Insta乗っ取り.exe
      C:\Users\Admin\AppData\Local\Temp\Insta乗っ取り.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2392_133770880973702000\python312.dll
    Filesize

    6.6MB

    MD5

    166cc2f997cba5fc011820e6b46e8ea7

    SHA1

    d6179213afea084f02566ea190202c752286ca1f

    SHA256

    c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

    SHA512

    49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2392_133770880973702000\Insta乗っ取り.exe
    Filesize

    22.1MB

    MD5

    4314f5d3809c43ccfebae37ffd0b2dec

    SHA1

    54bf997f2dec9d6dc28c0a5e8236a80236923671

    SHA256

    86eab3d51e3411d404935a79aad075901385d4ad6341e2b9a1f186055dc27b18

    SHA512

    38dc3779b42dc6ead71a34f86ab1f3dc63f9d7ef25119fdf36f57c84c35d09433c521f0011b1dc34f4bddd00af2def28c21303856ff3b511a9a7bd97d4c21fa8

    Download Submit

  • memory/2268-32-0x000000013F2E0000-0x0000000140943000-memory.dmp

    Filesize

    22.4MB

    Download

  • memory/2392-59-0x000000013FAF0000-0x0000000140793000-memory.dmp

    Filesize

    12.6MB

    Download