Overview

overview

9

Static

static

3

d20bd75b1a...db.exe

windows7-x64

7

d20bd75b1a...db.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d20bd75b1af16612c8af974207aa21c035b841b6ad2376a6402e8b6c43e5c4db.exe

  • Size

    209KB

  • MD5

    bbe41b3a89f0b259bf2eb52c42c77882

  • SHA1

    e224952abdfef532c1e73319a9fd4cec7e6b9db1

  • SHA256

    d20bd75b1af16612c8af974207aa21c035b841b6ad2376a6402e8b6c43e5c4db

  • SHA512

    fb8e84a5359c0f3c1a5991a41ab13edb9232c9642579c9a686e86a1e5095df0ec3d70b4fb431bd6b40288967f6e2eed460c65d6d056c371e38ce9706065a6856

  • SSDEEP

    3072:6DWpwE7oL2e+efZwZ08i8z3ML2w9tuTOHpYq1fq2xzrKTen+/AdSTBUSZEl:dN/e+efimJa3ML2GOOHFlxzDwGSTB5E

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d20bd75b1af16612c8af974207aa21c035b841b6ad2376a6402e8b6c43e5c4db.exe
    "C:\Users\Admin\AppData\Local\Temp\d20bd75b1af16612c8af974207aa21c035b841b6ad2376a6402e8b6c43e5c4db.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:2340
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
        PID:1664
      • C:\Users\Admin\AppData\Local\Temp\_MsMpEng.exe
        "_MsMpEng.exe"
        2⤵
        • Executes dropped EXE
        PID:1788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MsMpEng.exe
      Filesize

      111KB

      MD5

      115cfc73b2da6a30424eb5229ca8d398

      SHA1

      5827b816db5a76971c056d1ee67420cc575680f7

      SHA256

      03e286f9e054756d81c7eb5bb6d280602147f2e6465b817315faf8ad11286343

      SHA512

      abd4d41dd1f50cfa3d0251d22132e40ed72301e4440906a0e42b7d132b324e5be47c82873dafb0a5c37c773de3f643777e9e768e9dd4dce783d1ea35ab256684

      Download Submit
    • \Windows\SysWOW64\Zombie.exe
      Filesize

      97KB

      MD5

      3030ef30040d3cb91937640d4eef20cd

      SHA1

      008c45e82bbd527e186caec96429f75e55f2ca47

      SHA256

      67ee8ad67e2f741e75fdbc4e16cf66ef325b0e026781cdb733850081f6acb3e8

      SHA512

      7558a58f4150ec00d9124509f8131c5f3cf35da4224892729158f267d8c91315b16d3a6fcaebbfeb8eb5b8d0e585788b1f992e1b5b6a18ad7b3558555e7cc5f9

      Download Submit