Overview

overview

8

Static

static

de26ced938...ac.exe

windows7-x64

8

de26ced938...ac.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    403s
  • max time network
    506s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 20:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac.exe

  • Size

    2.1MB

  • MD5

    6b8fac3fecd277c21d95f12429f71062

  • SHA1

    80c2f4034da7a4fa4edeab228dfbc85ebbaaaec0

  • SHA256

    de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac

  • SHA512

    847ce9a43b66fab2eb17802748cbb16aa97e06bafd580503386b13faf7129fe9ca75562d2aad5c3ce0303f83512e598d165cb416b49286dbf3f548503153d725

  • SSDEEP

    24576:h1OYdaOXzoi5Fm2qmA+L4zKWQt0moNdqNFSj8y0j9jtaJB5ZuUUr2YGnEQ/VfV3:h1Os9mLmVJWQt0mozqW78bSVfV3

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac.exe
    "C:\Users\Admin\AppData\Local\Temp\de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Users\Admin\AppData\Local\Temp\7zS4E37.tmp\hyEtKkoHTmbWsVV.exe
      .\hyEtKkoHTmbWsVV.exe
      2⤵
      • Executes dropped EXE
      PID:2200

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7zS4E37.tmp\hyEtKkoHTmbWsVV.exe
          Filesize

          627KB

          MD5

          f172b0682fca8eb1e5c8dde6b837e387

          SHA1

          06561c1d33f425af65373cfd7752681edd356890

          SHA256

          ca605e3f7654066bb6023bdaba995345e78ff8e25b3c5948ade4e37b8c57500e

          SHA512

          0d5b3c18c412d9c4372b1e404ed2fe6b4a03a93cc8f21eae7b7596463d44cd8eec8dea8146c9727011063a8a31bc08b158604dedc9a728643330b08aaa9b6012

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS4E37.tmp\hyEtKkoHTmbWsVV.exe
          Filesize

          627KB

          MD5

          f172b0682fca8eb1e5c8dde6b837e387

          SHA1

          06561c1d33f425af65373cfd7752681edd356890

          SHA256

          ca605e3f7654066bb6023bdaba995345e78ff8e25b3c5948ade4e37b8c57500e

          SHA512

          0d5b3c18c412d9c4372b1e404ed2fe6b4a03a93cc8f21eae7b7596463d44cd8eec8dea8146c9727011063a8a31bc08b158604dedc9a728643330b08aaa9b6012

          Download Submit