Overview

overview

7

Static

static

5329cd821c...dd.exe

windows7-x64

7

5329cd821c...dd.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5329cd821ca71679695104b00fe1df7c71b3497feff230d961f8aaf7f602dbdd.exe

  • Size

    16KB

  • MD5

    7b46afcf58d0ceb17f12044179740cc4

  • SHA1

    b079ac855d6d6d33a5200e16d99e7d56d164e1fd

  • SHA256

    5329cd821ca71679695104b00fe1df7c71b3497feff230d961f8aaf7f602dbdd

  • SHA512

    8efe3d3c94ab0694d11ac78367e4d25824d7a8f3afda0181e279310c101f4a0075cd927674fb9eee1285e0d6f449403bd7e0720fec0365a5fb7b42e0a602e764

  • SSDEEP

    96:CXTacedhER/uEq8zH1gWxq2sjq+ArVkxeUIjTT8jtPtboynwEzB:8aceL8Q8ZgWbFiLUTiP1oynwE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5329cd821ca71679695104b00fe1df7c71b3497feff230d961f8aaf7f602dbdd.exe
    "C:\Users\Admin\AppData\Local\Temp\5329cd821ca71679695104b00fe1df7c71b3497feff230d961f8aaf7f602dbdd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:616
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\\del_temp.bat
      2⤵
      • Deletes itself
      PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\del_temp.bat
    Filesize

    246B

    MD5

    5b02fd939c91b9c8d1adb05436d51651

    SHA1

    82835bcbef1b25f287bebfa9638c21fc1fc4cbe0

    SHA256

    5ff2f9c217c396503efc89499cf26c0ab255d71097f2e26ef957f47f7c1bb2c3

    SHA512

    38e447cd1ece4276b3d3b3024dc241b525f593623194f123207ab3923806090c2984f6b3194cdf696992c92baf86d1fab0a6c198dc87c3208218a40e96131170

    Download Submit
  • memory/616-54-0x0000000075931000-0x0000000075933000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1224-55-0x0000000000000000-mapping.dmp
    Download