Overview

overview

10

Static

static

10

7282a7060d...a7.exe

windows7-x64

10

7282a7060d...a7.exe

windows10-2004-x64

10

7286d086dc...6f.exe

windows7-x64

10

7286d086dc...6f.exe

windows10-2004-x64

10

729c059086...ed.exe

windows7-x64

10

729c059086...ed.exe

windows10-2004-x64

10

72f303c648...1a.exe

windows7-x64

7

72f303c648...1a.exe

windows10-2004-x64

7

72f4a85245...cc.exe

windows7-x64

10

72f4a85245...cc.exe

windows10-2004-x64

10

72ff89c7cd...9f.exe

windows7-x64

10

72ff89c7cd...9f.exe

windows10-2004-x64

10

7307a761db...38.exe

windows7-x64

10

7307a761db...38.exe

windows10-2004-x64

10

7309f93555...28.exe

windows7-x64

3

7309f93555...28.exe

windows10-2004-x64

10

730efb97bd...a1.exe

windows7-x64

7

730efb97bd...a1.exe

windows10-2004-x64

7

732ab0ac86...7a.exe

windows7-x64

10

732ab0ac86...7a.exe

windows10-2004-x64

10

73522a2d41...71.exe

windows7-x64

10

73522a2d41...71.exe

windows10-2004-x64

8

7355fddf5e...6e.exe

windows7-x64

10

7355fddf5e...6e.exe

windows10-2004-x64

10

736e4ed229...93.exe

windows7-x64

7

736e4ed229...93.exe

windows10-2004-x64

10

73bc8a93cd...07.exe

windows7-x64

10

73bc8a93cd...07.exe

windows10-2004-x64

10

73d6911ed2...07.exe

windows7-x64

10

73d6911ed2...07.exe

windows10-2004-x64

10

73eb32431f...ff.exe

windows7-x64

7

73eb32431f...ff.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73eb32431f602f42759a38c5eab47eff.exe

  • Size

    220KB

  • MD5

    73eb32431f602f42759a38c5eab47eff

  • SHA1

    91a96c20d061045188cc0536ee698f58293dd314

  • SHA256

    b81ac7df79d0575b92c6793db9ebab3e90ff09dabf6eef8c56ab3b6bd19fff9a

  • SHA512

    f0be2833d56d671a6f51f1503ff2b70196c0a217c3913b23f2994b7f42a82fa3a5e45b525a575eceb5a260224781a756fcd6bb0f2b90ead7aa6082a6d1009dd5

  • SSDEEP

    3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmh:ZR5IuMQoseGk7RZBGxAycKpSPX2q

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73eb32431f602f42759a38c5eab47eff.exe
    "C:\Users\Admin\AppData\Local\Temp\73eb32431f602f42759a38c5eab47eff.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\C_1000732.exe
      "C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\C_1000732.exe"
      2⤵
      • Executes dropped EXE
      PID:2536
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      2⤵
        PID:2932
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c timeout /t 5 && del "C:\Users\Admin\AppData\Local\Temp\73eb32431f602f42759a38c5eab47eff.exe" && del "C:\Users\Admin\AppData\Local\Temp\73eb32431f602f42759a38c5eab47eff.exe.config"
        2⤵
        • Deletes itself
        • Suspicious use of WriteProcessMemory
        PID:2868
        • C:\Windows\system32\timeout.exe
          timeout /t 5
          3⤵
          • Delays execution with timeout.exe
          PID:1676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\C_1000732.exe
      Filesize

      220KB

      MD5

      f3aa0e3038d8f7545292e2314031d590

      SHA1

      c24315713357c2fbcd8f6f892f2e5172e875e431

      SHA256

      d5d0cf22c319d7cfd17f34f90aace34a74aa2d47a6a99cbcaf4d976b14ae96b3

      SHA512

      b9e89e2a177980ce4fb680fd7411af014ad04f001343576fb7ecbe6f957bd446873b491fb5c451cf0437ad249f5f6ca9d4a02b217930cc8662972295d630eb97

      Download Submit

    • C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\C_1000732.exe.config
      Filesize

      1KB

      MD5

      dd3d04c365984b4ec57a80503f81fddf

      SHA1

      c55fbcb61818e47dac9aae465faff91f0805bd7c

      SHA256

      40a59ca9744dc3d4647f246b2dc553f37f8095418c1b48a9bd94cdb5c03dbc5c

      SHA512

      0dd459def2abe9e3f0d1251049a0755c63f7dd3d85e91dba272c3f479f2578e3f3f2379e1cd6913190f7f596af721201eb5d9423ab28aed72bde5cd3cac7f785

      Download Submit

    • memory/2536-15-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2536-16-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2536-18-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2676-2-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2676-3-0x0000000000FF0000-0x0000000001012000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2676-4-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2676-8-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2676-1-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2676-14-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2676-0-0x000007FEF429E000-0x000007FEF429F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2676-17-0x000007FEF3FE0000-0x000007FEF497D000-memory.dmp

      Filesize

      9.6MB

      Download