Overview

overview

10

Static

static

10

98cae67f5c...4f.exe

windows7-x64

7

98cae67f5c...4f.exe

windows10-2004-x64

7

98cfbc262e...bc.exe

windows7-x64

10

98cfbc262e...bc.exe

windows10-2004-x64

10

98d8bede74...ed.exe

windows7-x64

10

98d8bede74...ed.exe

windows10-2004-x64

10

9905bf91d0...cd.exe

windows7-x64

3

9905bf91d0...cd.exe

windows10-2004-x64

3

99171e268b...08.exe

windows7-x64

10

99171e268b...08.exe

windows10-2004-x64

10

991fdf0c20...cd.exe

windows7-x64

10

991fdf0c20...cd.exe

windows10-2004-x64

10

9921900649...5f.exe

windows7-x64

10

9921900649...5f.exe

windows10-2004-x64

10

9941d8f932...2a.exe

windows7-x64

10

9941d8f932...2a.exe

windows10-2004-x64

10

997e8d89ff...b8.exe

windows7-x64

3

997e8d89ff...b8.exe

windows10-2004-x64

10

998566d8ea...73.exe

windows7-x64

10

998566d8ea...73.exe

windows10-2004-x64

10

99bf888072...4b.exe

windows7-x64

10

99bf888072...4b.exe

windows10-2004-x64

10

99f05fe5d0...13.exe

windows7-x64

7

99f05fe5d0...13.exe

windows10-2004-x64

10

9a11a17452...66.exe

windows7-x64

10

9a11a17452...66.exe

windows10-2004-x64

8

9a26a56f56...c3.exe

windows7-x64

10

9a26a56f56...c3.exe

windows10-2004-x64

10

9a292ed0f5...7a.exe

windows7-x64

10

9a292ed0f5...7a.exe

windows10-2004-x64

10

9a3fe6a67d...4c.exe

windows7-x64

10

9a3fe6a67d...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99f05fe5d0501bee088a89917fddcd13.exe

  • Size

    224KB

  • MD5

    99f05fe5d0501bee088a89917fddcd13

  • SHA1

    c9844f77a489184d6857cfeda58aa739f95a2b07

  • SHA256

    17a942db32ea782d5c4d0219901f0cdfdb3f7926ca078e848257ec0eb7e4cab1

  • SHA512

    f39a644966d68f71017d9d72fc4f1564711294cad5933b1a279253411863fc05b583c4f888c7ba0d5b23d1eb0e418c628d29d8f505265c26bc2933b616ca09a6

  • SSDEEP

    3072:dsXRmUIMitHqQmZe27vc6Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwlmfDD:KR5IbqQmZeG47RZBGxAycKpSPX2Y

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99f05fe5d0501bee088a89917fddcd13.exe
    "C:\Users\Admin\AppData\Local\Temp\99f05fe5d0501bee088a89917fddcd13.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\netid32.exe
      "C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\netid32.exe"
      2⤵
      • Executes dropped EXE
      PID:2376
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      2⤵
        PID:2380
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c timeout /t 5 && del "C:\Users\Admin\AppData\Local\Temp\99f05fe5d0501bee088a89917fddcd13.exe" && del "C:\Users\Admin\AppData\Local\Temp\99f05fe5d0501bee088a89917fddcd13.exe.config"
        2⤵
        • Deletes itself
        • Suspicious use of WriteProcessMemory
        PID:2964
        • C:\Windows\system32\timeout.exe
          timeout /t 5
          3⤵
          • Delays execution with timeout.exe
          PID:2724

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\netid32.exe
      Filesize

      224KB

      MD5

      ebe179b191e68c3610f5a24d4414573a

      SHA1

      a89ef685932f9dc80fb1be4f0f1f086ae4dca795

      SHA256

      a03a3765123befb9f09ed0e3cf1e337a67b96e95b86d6098d43693fd1c17ac7f

      SHA512

      1ec136411a57ba1513210247e9ff49f596b77055b7650c6924d2f19c1032633a2182ffbdea36ec799b239dd00c51bfe0f1314038f7485254798f3263dfc5f9a7

      Download Submit

    • C:\Users\Admin\AppData\Local\_foldernamelocalappdata_\netid32.exe.config
      Filesize

      1KB

      MD5

      dd3d04c365984b4ec57a80503f81fddf

      SHA1

      c55fbcb61818e47dac9aae465faff91f0805bd7c

      SHA256

      40a59ca9744dc3d4647f246b2dc553f37f8095418c1b48a9bd94cdb5c03dbc5c

      SHA512

      0dd459def2abe9e3f0d1251049a0755c63f7dd3d85e91dba272c3f479f2578e3f3f2379e1cd6913190f7f596af721201eb5d9423ab28aed72bde5cd3cac7f785

      Download Submit

    • memory/1784-6-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1784-4-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1784-5-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1784-3-0x0000000000C10000-0x0000000000C32000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1784-0-0x000007FEF576E000-0x000007FEF576F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1784-2-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1784-1-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1784-15-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1784-19-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2376-16-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2376-18-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2376-17-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2376-20-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

      Filesize

      9.6MB

      Download