Overview

overview

10

Static

static

3

Insta.exe

windows7-x64

7

Insta.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Insta.exe

  • Size

    12.8MB

  • MD5

    e21fd8ef888e05f308e2c46d1733a0ef

  • SHA1

    38359f8b6e7c11a420fd25dfdf38bc19c5582b50

  • SHA256

    66ad55b3a7b62bc106828279bef2c5281c6533d9ac03be91f51a12a84586969f

  • SHA512

    e64558b77fb9278e9b357c1d11044a2f1e0068215e7a6637644e56b4c8acc39797aecc7aa6bfc42b10e18b5c4a81d6bd2c4ee924467d6ee661049aa1fae457cb

  • SSDEEP

    393216:gJFKdK/Rbqmv86m+1YqliAL/i1KpcUVrlXEZxa:gJ7Rm286nuWiALq1KpPHUZxa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Insta.exe
    "C:\Users\Admin\AppData\Local\Temp\Insta.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\onefile_2232_133770984874416000\Insta乗っ取り.exe
      C:\Users\Admin\AppData\Local\Temp\Insta.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2232_133770984874416000\Insta乗っ取り.exe
    Filesize

    23.3MB

    MD5

    e4be521d3a7573e03485bd593b8fdaa0

    SHA1

    ddb5112286dceefc813827180fb70766655d06da

    SHA256

    8176480d4c21aaf2f9d821d01e1890b0d3563c40dc0077514987665f4c7473cb

    SHA512

    875bd0ea18a4c67c31ce0deb1bc3b8c899d77b8323e99c3f0ccdb5f1fd49263841003cbbcb5ff9fd410b3fb3ed7a8a6ff4cae0f2b5320fd5f17011cc5e0b91a9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2232_133770984874416000\python312.dll
    Filesize

    6.6MB

    MD5

    166cc2f997cba5fc011820e6b46e8ea7

    SHA1

    d6179213afea084f02566ea190202c752286ca1f

    SHA256

    c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

    SHA512

    49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

    Download Submit

  • memory/2232-65-0x000000013F370000-0x000000014006A000-memory.dmp

    Filesize

    13.0MB

    Download

  • memory/2908-35-0x000000013F480000-0x0000000140C11000-memory.dmp

    Filesize

    23.6MB

    Download