Overview

overview

7

Static

static

3

ffc8a5e204...ex.exe

windows7-x64

7

ffc8a5e204...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2023, 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffc8a5e204556cexeexeexeex.exe

  • Size

    412KB

  • MD5

    ffc8a5e204556cbb8a4e6d685aa1dec8

  • SHA1

    a0b5bf543c27543e65f1db7ac5c141a72d8a77a1

  • SHA256

    47873e8ff44329f25c44c2d49111e77b97e739a8ef94a5a6e7490fae6f1e9350

  • SHA512

    1be5c659e70561cbd564f1db9a8bc75ab10535146dfa8e15c771b90c43cd30f7357095ecc353f9e67032d08a5313c601d3422bb546eee7b70c489c79a06ab4aa

  • SSDEEP

    12288:U6PCrIc9kph5ulpOh6BoaC6uMs2jYoWsuNx:U6QIcOh5IBoDvM9Y3f

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffc8a5e204556cexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\ffc8a5e204556cexeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Users\Admin\AppData\Local\Temp\1D6.tmp
      "C:\Users\Admin\AppData\Local\Temp\1D6.tmp" --pingC:\Users\Admin\AppData\Local\Temp\ffc8a5e204556cexeexeexeex.exe 5BA48C3F862FD5F70B3A63238CD53C947F5154401628E4EF3D0DFB45FA8BC60438A32968BC8B7070792EA203983DCC60A51217F1769A652E4E6D45EFFA72AF9B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1D6.tmp
    Filesize

    412KB

    MD5

    dfabc1d4698b515d83a1c70003de8db7

    SHA1

    fdc631eb04bfd68a7938fc5ec4d727f057c5ab8d

    SHA256

    77b979e95c110e5e5e523629a4859a1ba3fd60d357b402ff9fbe526561c543cb

    SHA512

    fab36f4e16f1282fc5bb9a2be76471c25a471b74f3f291f77f7e1cca5347eaee85b4de58feeeebff8c9a0709ec3e4e02ccd6adebd70c7f4112ab0a6c5f2aa3d8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1D6.tmp
    Filesize

    412KB

    MD5

    dfabc1d4698b515d83a1c70003de8db7

    SHA1

    fdc631eb04bfd68a7938fc5ec4d727f057c5ab8d

    SHA256

    77b979e95c110e5e5e523629a4859a1ba3fd60d357b402ff9fbe526561c543cb

    SHA512

    fab36f4e16f1282fc5bb9a2be76471c25a471b74f3f291f77f7e1cca5347eaee85b4de58feeeebff8c9a0709ec3e4e02ccd6adebd70c7f4112ab0a6c5f2aa3d8

    Download Submit