Overview

overview

10

Static

static

10

PRE-ADVISE...49.exe

windows7-x64

10

PRE-ADVISE...49.exe

windows10-2004-x64

10

New P.O.exe

windows7-x64

10

New P.O.exe

windows10-2004-x64

10

174d337dc9...e8.exe

windows7-x64

10

174d337dc9...e8.exe

windows10-2004-x64

3

1acc6fd285...05.elf

debian-12-armhf

9

JDtnp2mcrQvXDeo.exe

windows7-x64

10

JDtnp2mcrQvXDeo.exe

windows10-2004-x64

10

73c5c4b126...f0.exe

windows7-x64

10

73c5c4b126...f0.exe

windows10-2004-x64

10

PR-ZWL 07...O).exe

windows7-x64

8

PR-ZWL 07...O).exe

windows10-2004-x64

8

SOA pdf.exe

windows7-x64

10

SOA pdf.exe

windows10-2004-x64

10

8c56b0f77a...4a.exe

windows7-x64

10

8c56b0f77a...4a.exe

windows10-2004-x64

10

a7756cd5c5...c1.elf

debian-12-armhf

1

ac6ea6239a...de.exe

windows7-x64

7

ac6ea6239a...de.exe

windows10-2004-x64

7

c55761decb...27.elf

ubuntu-22.04-amd64

c79a98c3a1...73.exe

windows7-x64

8

c79a98c3a1...73.exe

windows10-2004-x64

8

d30f8c9b89...30.doc

windows7-x64

4

d30f8c9b89...30.doc

windows10-2004-x64

1

d38f510bc1...26.exe

windows7-x64

1

d38f510bc1...26.exe

windows10-2004-x64

1

d623c0b8d9...cf.bat

windows7-x64

1

d623c0b8d9...cf.bat

windows10-2004-x64

1

RFQ-2402-3572.exe

windows7-x64

10

RFQ-2402-3572.exe

windows10-2004-x64

10

INV&PL.exe

windows7-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20-06-2024 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac6ea6239a4b82d24b823f1a50ab207652024f33726730d4d7b791fcb2fec7de.exe

  • Size

    10.2MB

  • MD5

    d3f70e7671df9f9817768d24c75aa735

  • SHA1

    d1d758deac586c0629870b5df63f1de5a79d153b

  • SHA256

    ac6ea6239a4b82d24b823f1a50ab207652024f33726730d4d7b791fcb2fec7de

  • SHA512

    51a921f93ddd21599fdba186a5abe72f9103e7e5ed4e863f8ff0eefd78e6941276bea1e84c240c3365cada2d4026d6794bae33b9a969d11c0141f17b2f189ac2

  • SSDEEP

    196608:N/7Olb2w9+L0YFqQxA10++MvJHDO6yBT9k0W8/L2yBE3U/aF1gJ3:NKlq5L0HQK1HnOT9W8qQiFaJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac6ea6239a4b82d24b823f1a50ab207652024f33726730d4d7b791fcb2fec7de.exe
    "C:\Users\Admin\AppData\Local\Temp\ac6ea6239a4b82d24b823f1a50ab207652024f33726730d4d7b791fcb2fec7de.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\ac6ea6239a4b82d24b823f1a50ab207652024f33726730d4d7b791fcb2fec7de.exe
      "C:\Users\Admin\AppData\Local\Temp\ac6ea6239a4b82d24b823f1a50ab207652024f33726730d4d7b791fcb2fec7de.exe"
      2⤵
      • Loads dropped DLL
      PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30082\python311.dll
    Filesize

    4.7MB

    MD5

    9c83364db2337cedb50cefce5772bf28

    SHA1

    6a65ce4bec369e2e2f6aa19e52ac556ceb3445fc

    SHA256

    89b71fca8d164d6e7a98967036212aa1fb28f5554e2a1b1042556c22c514ac16

    SHA512

    e3608ced277fce1e64a0d371b928a5bfc0e00d93a3f020a56f698b1aa2f18a80fc726a9f7c25b8d8d98a2b95ca49a03a254b3c704c08772abaadee0b01f8aa48

    Download Submit