Overview

overview

8

Static

static

25d664ac8e...30.exe

windows7-x64

8

25d664ac8e...30.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2022 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25d664ac8e8b09284ce0c6947727fc743777b0693849d6f323aaae8d5d760a30.exe

  • Size

    15KB

  • MD5

    04647f475e1d0eecaa8303075e42863b

  • SHA1

    6cc2d46b60dedde9c40c49a73d8d7fdc68c24001

  • SHA256

    25d664ac8e8b09284ce0c6947727fc743777b0693849d6f323aaae8d5d760a30

  • SHA512

    d5c5458be734b1a9a2267ff6c6959953b1d277c7778330247896b9ca3f5a51f445d7dc7401a5f347d1d398a71f36e152227af23db0bdda633d8b4b96f71ec208

  • SSDEEP

    192:TfqehgiTbxTzkUoM5caBHRYOxZLk0Kl4DfFFTEyncjWO3L/CldolM/4/0gX79drt:Tf3hg+RxoMeQqOxZLdxbnoLCc4urt

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25d664ac8e8b09284ce0c6947727fc743777b0693849d6f323aaae8d5d760a30.exe
    "C:\Users\Admin\AppData\Local\Temp\25d664ac8e8b09284ce0c6947727fc743777b0693849d6f323aaae8d5d760a30.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\Del6105.tmp
      "C:\Users\Admin\AppData\Local\Temp\Del6105.tmp" PID:736 EXE:"C:\Users\Admin\AppData\Local\Temp\25d664ac8e8b09284ce0c6947727fc743777b0693849d6f323aaae8d5d760a30.exe"
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Del6105.tmp
    Filesize

    15KB

    MD5

    04647f475e1d0eecaa8303075e42863b

    SHA1

    6cc2d46b60dedde9c40c49a73d8d7fdc68c24001

    SHA256

    25d664ac8e8b09284ce0c6947727fc743777b0693849d6f323aaae8d5d760a30

    SHA512

    d5c5458be734b1a9a2267ff6c6959953b1d277c7778330247896b9ca3f5a51f445d7dc7401a5f347d1d398a71f36e152227af23db0bdda633d8b4b96f71ec208

    Download Submit

  • memory/1788-57-0x0000000000000000-mapping.dmp

    Download

  • memory/1788-59-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1904-54-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1904-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1904-56-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download