Overview

overview

10

Static

static

10

PRE-ADVISE...49.exe

windows7-x64

10

PRE-ADVISE...49.exe

windows10-2004-x64

10

New P.O.exe

windows7-x64

10

New P.O.exe

windows10-2004-x64

10

174d337dc9...e8.exe

windows7-x64

10

174d337dc9...e8.exe

windows10-2004-x64

3

1acc6fd285...05.elf

debian-12-armhf

9

JDtnp2mcrQvXDeo.exe

windows7-x64

10

JDtnp2mcrQvXDeo.exe

windows10-2004-x64

10

73c5c4b126...f0.exe

windows7-x64

10

73c5c4b126...f0.exe

windows10-2004-x64

10

PR-ZWL 07...O).exe

windows7-x64

8

PR-ZWL 07...O).exe

windows10-2004-x64

8

SOA pdf.exe

windows7-x64

10

SOA pdf.exe

windows10-2004-x64

10

8c56b0f77a...4a.exe

windows7-x64

10

8c56b0f77a...4a.exe

windows10-2004-x64

10

a7756cd5c5...c1.elf

debian-12-armhf

1

ac6ea6239a...de.exe

windows7-x64

7

ac6ea6239a...de.exe

windows10-2004-x64

7

c55761decb...27.elf

ubuntu-22.04-amd64

c79a98c3a1...73.exe

windows7-x64

8

c79a98c3a1...73.exe

windows10-2004-x64

8

d30f8c9b89...30.doc

windows7-x64

4

d30f8c9b89...30.doc

windows10-2004-x64

1

d38f510bc1...26.exe

windows7-x64

1

d38f510bc1...26.exe

windows10-2004-x64

1

d623c0b8d9...cf.bat

windows7-x64

1

d623c0b8d9...cf.bat

windows10-2004-x64

1

RFQ-2402-3572.exe

windows7-x64

10

RFQ-2402-3572.exe

windows10-2004-x64

10

INV&PL.exe

windows7-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    174d337dc96f1d28833631db40dfb53ed28878b50ade6698a423b222b3ff78e8.exe

  • Size

    1.2MB

  • MD5

    bf62b57ee6b1e88d479e982fcc5bcf68

  • SHA1

    35956b67857e333893689bf293b053653180bc87

  • SHA256

    174d337dc96f1d28833631db40dfb53ed28878b50ade6698a423b222b3ff78e8

  • SHA512

    ce25b0d13a2af6df4a89a7376684535b78b2cf4fff76121344ab700a70852f0a23f70eddbe8884f70584c4a12afbc20149a4e6253a23de5294672d0998713553

  • SSDEEP

    24576:PAHnh+eWsN3skA4RV1Hom2KXMmHa0cBsAbHXBRSPO2fC5:yh+ZkldoPK8Ya0ahdRFP

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\174d337dc96f1d28833631db40dfb53ed28878b50ade6698a423b222b3ff78e8.exe
    "C:\Users\Admin\AppData\Local\Temp\174d337dc96f1d28833631db40dfb53ed28878b50ade6698a423b222b3ff78e8.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Users\Admin\AppData\Local\Temp\174d337dc96f1d28833631db40dfb53ed28878b50ade6698a423b222b3ff78e8.exe"
      2⤵
        PID:644
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 732
        2⤵
        • Program crash
        PID:2932
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2124 -ip 2124
      1⤵
        PID:3080

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\aut33F1.tmp
        Filesize

        262KB

        MD5

        025b512e55f6046c8f7495866b98b5e3

        SHA1

        40f9882f515f86cf9d3b785024a4bcb348b66b93

        SHA256

        426650b0d9a3cd5a2a4ff284750b74abe70ed9d83a6be348512eea7e542f40e4

        SHA512

        a3f391a13d8c977079f8106e29260e6fc33f7ec46bd6ef3cff1c468fad17cf9db7e5e6427a9b4b745c2caefbb9163046b05c05bd04312d490742161d524a21e7

        Download Submit
      • memory/2124-12-0x0000000002090000-0x0000000002094000-memory.dmp
        Filesize

        16KB

        Download