Overview

overview

7

Static

static

3

3f5beb5467...22.exe

windows7-x64

7

3f5beb5467...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-08-2023 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.exe

  • Size

    3.0MB

  • MD5

    dc0691a0bc312adbd6cc87dc4a10c8dc

  • SHA1

    86becab4de650ae9f6fbe2b11bdd40e1baed2118

  • SHA256

    3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122

  • SHA512

    da64d2a18b3f51b299b2124ea1331979811e978d8b9499b9309c428687f1ae2ba6fe1f7289f6987873e5ce61dd6791121b48bc87faa56ef12c896bc56bb5a14f

  • SSDEEP

    98304:mQ21AK+uHKK+4QTFJ/E3L9v6RncHngSdQ0nf7:Vron+4QTFS3Jv6RcASW47

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.exe
    "C:\Users\Admin\AppData\Local\Temp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3456
    • C:\Users\Admin\AppData\Local\Temp\is-SP1TS.tmp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SP1TS.tmp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.tmp" /SL5="$500DC,2899903,51712,C:\Users\Admin\AppData\Local\Temp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.exe"
      2⤵
      • Executes dropped EXE
      PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-SP1TS.tmp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.tmp
    Filesize

    706KB

    MD5

    1a6c2b578c69b9388e22d38afa16a7fb

    SHA1

    186370d5438b1f5f3d75891aa8412e8edd00981c

    SHA256

    86ac18632bfdca026df9fe12a1d4df2de64bbdc1d2d7e42d2dcbf7809cbbebb3

    SHA512

    fb868c629cd0255b7620c9260bb5712b6622f53f0b7de3d6125c295e02d16f03584ce3a90eccb02b65ce9825885aa1bca5f68c7cc09dc0c09e7c208fcef54714

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-SP1TS.tmp\3f5beb5467fbda992daeab6624613ce3873ae55f325aa8e536e603243bd3c122.tmp
    Filesize

    706KB

    MD5

    1a6c2b578c69b9388e22d38afa16a7fb

    SHA1

    186370d5438b1f5f3d75891aa8412e8edd00981c

    SHA256

    86ac18632bfdca026df9fe12a1d4df2de64bbdc1d2d7e42d2dcbf7809cbbebb3

    SHA512

    fb868c629cd0255b7620c9260bb5712b6622f53f0b7de3d6125c295e02d16f03584ce3a90eccb02b65ce9825885aa1bca5f68c7cc09dc0c09e7c208fcef54714

    Download Submit

  • memory/2644-140-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2644-148-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2644-149-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3456-134-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3456-146-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download