Overview

overview

8

Static

static

4bb2e8034c...f6.exe

windows7-x64

8

4bb2e8034c...f6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    8s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bb2e8034c9b6939febd3bd7e4ecdfe379569fb04387eb9798c804f00d9301f6.exe

  • Size

    414KB

  • MD5

    a13bb9a6b1dcdf7f7100fd1a16d45d90

  • SHA1

    3a775d877e778e2e4fda89d8708ba6c22992c189

  • SHA256

    4bb2e8034c9b6939febd3bd7e4ecdfe379569fb04387eb9798c804f00d9301f6

  • SHA512

    5a1bada39bcfdc5e84670f537129c15f09c7811b9d563a92d73df565fab5ded3d3fe6cfa9388f863bc2caf526c7f93c9399ebee9f2a1625da29248a0b8ec6b21

  • SSDEEP

    12288:Wq4w/ekieZgU6v91/GwPKuhOCeom9Fgbl:Wq4w/ekieH6vLGxmReo4ab

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bb2e8034c9b6939febd3bd7e4ecdfe379569fb04387eb9798c804f00d9301f6.exe
    "C:\Users\Admin\AppData\Local\Temp\4bb2e8034c9b6939febd3bd7e4ecdfe379569fb04387eb9798c804f00d9301f6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Users\Admin\AppData\Local\Temp\93F7.tmp
      "C:\Users\Admin\AppData\Local\Temp\93F7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\4bb2e8034c9b6939febd3bd7e4ecdfe379569fb04387eb9798c804f00d9301f6.exe 9798DFABF7E3B87BDF971682F52932300C877986B26EDF1731360C24450E57B9081554FE2053D6A929F2C7465435380265D4DB8FEDF8C9A544CFE2DD05D58E38
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\93F7.tmp
    Filesize

    414KB

    MD5

    4e6fc44ca2c068e2b558e5a7879bdf35

    SHA1

    e1b4b0184c71be6ec3c9f0d21f29a0c7d8959c26

    SHA256

    78eef5977f8f33b2858dd4151d08fbc4b9a4070af6be5ab91b6594496883e960

    SHA512

    421366fe90a9568f6d929a918190d3919b41a8b855acc0699ce05ef9bcf2ee58a015da5e5e1817c7cb8197c2d8f394aef63da76d8749548fd83b1bb0363ec8c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\93F7.tmp
    Filesize

    414KB

    MD5

    4e6fc44ca2c068e2b558e5a7879bdf35

    SHA1

    e1b4b0184c71be6ec3c9f0d21f29a0c7d8959c26

    SHA256

    78eef5977f8f33b2858dd4151d08fbc4b9a4070af6be5ab91b6594496883e960

    SHA512

    421366fe90a9568f6d929a918190d3919b41a8b855acc0699ce05ef9bcf2ee58a015da5e5e1817c7cb8197c2d8f394aef63da76d8749548fd83b1bb0363ec8c4

    Download Submit

  • memory/1756-54-0x0000000075141000-0x0000000075143000-memory.dmp

    Filesize

    8KB

    Download