Overview

overview

8

Static

static

2A123997C7...39.exe

windows7-x64

8

2A123997C7...39.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/01/2023, 18:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2A123997C73517F9200191ABA7F25C39.exe

  • Size

    288KB

  • MD5

    2a123997c73517f9200191aba7f25c39

  • SHA1

    e6d34b394ab0f393ac03e838e5ccc6c893e1ad9c

  • SHA256

    f90a4bc19717e25d8117e3b4ecf24539c695a1e3173b93b3d68e1a651476becd

  • SHA512

    8c3284b45ce46608328d664ba6643526707bbe9f36de545709022319512765e15c05c87d351970a130625d3b02c40eb31c7fc755262d57c538dc5617a76609b6

  • SSDEEP

    6144:3/2UwgZXPSJMzKnKv1VY3Q4BwJFOuJ/oYcS5X63z:v2UtZXPScqKvnY3QyunoYcS5KD

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2A123997C73517F9200191ABA7F25C39.exe
    "C:\Users\Admin\AppData\Local\Temp\2A123997C73517F9200191ABA7F25C39.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Users\Admin\AppData\Local\Temp\is-40UMF.tmp\2A123997C73517F9200191ABA7F25C39.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-40UMF.tmp\2A123997C73517F9200191ABA7F25C39.tmp" /SL5="$8003A,59159,53248,C:\Users\Admin\AppData\Local\Temp\2A123997C73517F9200191ABA7F25C39.exe"
      2⤵
      • Executes dropped EXE
      PID:4772

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-40UMF.tmp\2A123997C73517F9200191ABA7F25C39.tmp
          Filesize

          669KB

          MD5

          52950ac9e2b481453082f096120e355a

          SHA1

          159c09db1abcee9114b4f792ffba255c78a6e6c3

          SHA256

          25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

          SHA512

          5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-40UMF.tmp\2A123997C73517F9200191ABA7F25C39.tmp
          Filesize

          669KB

          MD5

          52950ac9e2b481453082f096120e355a

          SHA1

          159c09db1abcee9114b4f792ffba255c78a6e6c3

          SHA256

          25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

          SHA512

          5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

          Download Submit

        • memory/4992-132-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/4992-137-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/4992-138-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download