Overview

overview

10

Static

static

24c2540e58...8d.exe

windows7_x64

10

24c2540e58...8d.exe

windows10_x64

6

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    31-07-2020 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24c2540e588585a4daf8b3fe1112a78d.exe

  • Size

    1.0MB

  • MD5

    24c2540e588585a4daf8b3fe1112a78d

  • SHA1

    d48b28ebb1a010eae20a10aa4d1d6c5a79ea6f96

  • SHA256

    08fe7e61eafc062a5f50981fae0f578442cdfd31a00e2398389c8bea37485f02

  • SHA512

    d1add494d6d6e658126d7fbd35c9b1adfa54e0417125ff55d1ab9290fb0670ad97fa723e5764b6cc06082968f7b1267ebfccd53e9cbee112b0c9cface2021923

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of WriteProcessMemory 361 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24c2540e588585a4daf8b3fe1112a78d.exe
    "C:\Users\Admin\AppData\Local\Temp\24c2540e588585a4daf8b3fe1112a78d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Windows\SysWOW64\Notepad.exe
      "C:\Windows\System32\Notepad.exe"
      2⤵
        PID:4084

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4084-0-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-1-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-2-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-3-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-4-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-5-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-6-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-7-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-8-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-9-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-10-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-11-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-12-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-13-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-14-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-15-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-16-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-17-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-18-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-19-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-20-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-21-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-22-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-23-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-24-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-25-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-26-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-27-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-28-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-29-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-30-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-31-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-32-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-33-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-34-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-35-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-36-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-37-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-38-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-39-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-40-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-41-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-42-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-43-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-44-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-45-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-46-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-47-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-48-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-49-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-50-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-51-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-52-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-53-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-54-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-55-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-56-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-57-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-58-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-59-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-60-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-61-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-62-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-63-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-64-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-65-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-66-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-67-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-68-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-69-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-70-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-71-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-72-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-73-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-74-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-75-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-76-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-77-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-78-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-79-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-80-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-81-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-82-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-83-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-84-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-85-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-86-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-87-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-88-0x0000000000000000-mapping.dmp
      Download
    • memory/4084-89-0x0000000000000000-mapping.dmp
      Download