Overview

overview

7

Static

static

7b53a00b3a...le.exe

windows7_x64

7

7b53a00b3a...le.exe

windows10_x64

7

Analysis

  • max time kernel
    14s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-07-2021 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.sample.exe

  • Size

    138KB

  • MD5

    6f772eb660bc05fc26df86c98ca49abc

  • SHA1

    8da75dd328c195b84f15740a33fc9888af4da2be

  • SHA256

    7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2

  • SHA512

    3e028cecf08ed4fe0100a7587f04ba4c4cebb023b371cc4e793a7dfb7be64a4d2ef8066fc352ea834c239cb7c5836626673e02fbaa63f4631b71d40c4cc284a1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.sample.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Windows\system32\msiexec.exe
      "C:\Windows\system32\msiexec.exe"
      2⤵
      • Deletes itself
      PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1608-115-0x0000000000000000-mapping.dmp
    Download
  • memory/1608-118-0x000001F5ADAD0000-0x000001F5ADAF8000-memory.dmp
    Filesize

    160KB

    Download
  • memory/4016-114-0x0000000008B10000-0x0000000008B11000-memory.dmp
    Filesize

    4KB

    Download