Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-12-2024 09:43

General

  • Target

    04fad9a9d3cba8ff465f8b46946085b60c67a59e048d8b5b49717e6cdf34b247.exe

  • Size

    283KB

  • MD5

    2a099a2cb321a6fb92075cdfec575a03

  • SHA1

    197d2707fde9d5c1f4c6f3977a7be25c34daffc9

  • SHA256

    04fad9a9d3cba8ff465f8b46946085b60c67a59e048d8b5b49717e6cdf34b247

  • SHA512

    5aa80d1fc6e7709d965e3ad72e6742c6fc3ee0b697ce7004a991f640f67a7159151489ebf09b8594480a74223f5ded57c6a9b29e04d3e70323e8d9f9cc72ba17

  • SSDEEP

    6144:6xIuKqfUfpeerAEx2GvVYc3L1Qqls1gHny+MjoCGFDhSFDUTBe:4KCUfDrAEx2GvVYcTHnyJoPFDWDUT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04fad9a9d3cba8ff465f8b46946085b60c67a59e048d8b5b49717e6cdf34b247.exe
    "C:\Users\Admin\AppData\Local\Temp\04fad9a9d3cba8ff465f8b46946085b60c67a59e048d8b5b49717e6cdf34b247.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\extracted_payload.exe
      "C:\Users\Admin\AppData\Local\Temp\extracted_payload.exe"
      2⤵
      • Executes dropped EXE
      PID:2376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\extracted_payload.exe

    Filesize

    204KB

    MD5

    d45f2292784bc9e8a19d093e9950673f

    SHA1

    7c4e46b465680ef32ff55fc17916a5f4f6f9dbd5

    SHA256

    a2763124af5630502ace78bd406f0ff15ba6701b29fe38a6a3d60c1e65e9ce73

    SHA512

    a14cbac8377689b06c126c3ee71cc79c8b06e1650ecf0d29c7963425d1842dafb0fd6e1a66df1411cec487f6dcc5b696ee3d7a3f623773be61fd0b7a96646989