Overview

overview

10

Static

static

3

Insta.exe

windows7-x64

7

Insta.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 12:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Insta.exe

  • Size

    12.8MB

  • MD5

    82257be1736aee6d3ef49de226f11671

  • SHA1

    84c4dc5aca17f73938a52301838efc3a2708f029

  • SHA256

    b3f6008da82dde6bb604020a51b04580e7de9a4024ffbaceb9d2720164ff58f8

  • SHA512

    a0cc1eaf7c557c004178f16ecf0f1a89d4a35f0102ca409850236159a21c152a89ede9d5ff65c8b395326aa1c14e8934311a8f67aec099aed5836fbedc4743f7

  • SSDEEP

    393216:0Yzlg4gehlYs4S1sow440korYO+BJCW2:1l3MoJvrYOkg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Insta.exe
    "C:\Users\Admin\AppData\Local\Temp\Insta.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Users\Admin\AppData\Local\Temp\onefile_2308_133770992563858000\Insta乗っ取り.exe
      C:\Users\Admin\AppData\Local\Temp\Insta.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2308_133770992563858000\python312.dll
    Filesize

    6.6MB

    MD5

    166cc2f997cba5fc011820e6b46e8ea7

    SHA1

    d6179213afea084f02566ea190202c752286ca1f

    SHA256

    c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

    SHA512

    49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2308_133770992563858000\Insta乗っ取り.exe
    Filesize

    23.3MB

    MD5

    609291850462a8bfb3f43cfb5ed927d4

    SHA1

    29a6fef7ebe4a1ba8f742052c8e4e299a4d30d0d

    SHA256

    6a868bf3eb37044505646f8de4ed7804eb66c4001ea45e563b6fa4b1764f228e

    SHA512

    9140c39d0f471e89b23628169f10e2e5f19130657b2cd595a65c3f31e5b7949440928b6c69db251badcdc068f86299be4c8d54347821af3d64b3790f78f5e6eb

    Download Submit

  • memory/2308-65-0x000000013FA30000-0x000000014072D000-memory.dmp

    Filesize

    13.0MB

    Download

  • memory/2928-35-0x000000013FA00000-0x00000001411A0000-memory.dmp

    Filesize

    23.6MB

    Download