Overview

overview

10

Static

static

1

.............exe

windows7-x64

7

.............exe

windows10-2004-x64

7

your-file_...yg.exe

windows7-x64

10

your-file_...yg.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    177s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-03-2023 16:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .............exe

  • Size

    5.8MB

  • MD5

    288d7d66024b6562feeb4d6baed41849

  • SHA1

    cb9efb823a462d1afc8057839fecd224d661102a

  • SHA256

    7dfffd124e41f73e266f806951457060dfff9950caca0fcd1c542ff5e9a21e34

  • SHA512

    1793b4c153f4277d65cf99b2758c586f4a59234760916280deab35ae69bd48b3584ba76474243ac67efb98c052b4e9a184c16b93b10ea92292eac46224cf334a

  • SSDEEP

    98304:LX44Xe8aIUM7LhfXMObVARKlsZjLusEBHYCzg1OnW/T+1zS2owMVMowF:7VXeNIUuWObuRKIu5Y0CozSnw7bF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\.............exe
    "C:\Users\Admin\AppData\Local\Temp\.............exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4092
    • C:\Users\Admin\AppData\Local\Temp\is-EP0K6.tmp\.............tmp
      "C:\Users\Admin\AppData\Local\Temp\is-EP0K6.tmp\.............tmp" /SL5="$B007C,5307485,798208,C:\Users\Admin\AppData\Local\Temp\.............exe"
      2⤵
      • Executes dropped EXE
      PID:1828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-EP0K6.tmp\.............tmp
    Filesize

    2.5MB

    MD5

    dc270b2fae059b51845179bb688518d2

    SHA1

    c4cb4f277b13ef18af9f805c2c907e76bfbf4090

    SHA256

    193eeaaea6e82956e8e09fbde518b5b008edcda24da40b13bc4a751a21bfeb7f

    SHA512

    efdc817a697a7f0e5c512e94ff0a900ca2f65b91f54e256e15d0b2e4797368b2c685d12abd6e74ca2e09ea6dd3c1603783c205d7b9a9d865ec9ed7dbd27283c2

    Download Submit

  • memory/1828-139-0x0000000000830000-0x0000000000831000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1828-141-0x0000000000400000-0x000000000068B000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4092-133-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/4092-140-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download