Overview

overview

7

Static

static

3

f04cae87e7...32.exe

windows7-x64

7

f04cae87e7...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2023, 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f04cae87e70252cde9b81bc57254bd10_exe32.exe

  • Size

    468KB

  • MD5

    f04cae87e70252cde9b81bc57254bd10

  • SHA1

    152b6588b75d7e7da3e6eb8f0725120472c48985

  • SHA256

    348ab9c9237e72f4605fa3aeaf42ef911fcdf84bcbdd91b07483f7243333b5b0

  • SHA512

    25bb493e85ccdb2ccaab5224bec9024c52a2c22d2100cfaa53485059dc1faf3ada2d3f95214a098637411a6661bb92f3b64c424ff03c6ff9cdfa88e03dc48e54

  • SSDEEP

    6144:Cg2uH8y29HMHKezpTvqYwTHhBrl9KEY5Ggvkmgm33B78YBc7:Zd8dWHlSYwjrlQXhNgmhYYBc7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f04cae87e70252cde9b81bc57254bd10_exe32.exe
    "C:\Users\Admin\AppData\Local\Temp\f04cae87e70252cde9b81bc57254bd10_exe32.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Users\Admin\AppData\Local\Temp\5042.tmp
      "C:\Users\Admin\AppData\Local\Temp\5042.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f04cae87e70252cde9b81bc57254bd10_exe32.exe 55B0DE66A9540E4AB402B0C796AC1D171A6B5926C308BC6574420D1C77E58916F9F6743D83539A887635FA12F27EC8C19D57855E5FCCC069393BCD07C731B018
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5042.tmp
    Filesize

    468KB

    MD5

    961ac9f96803ca12ac43ae6f71807d80

    SHA1

    b912770dcee630339b5a6fc9e1d3d4ba3ed27d35

    SHA256

    33ce37a2b2beca51fef0a6225136a9b0e14303df5f8ffe82bcc60765730611da

    SHA512

    d6c2feaf02d19826ec3e1100e35c3d5d653154946ba852772f6c7b2c86f14a636de8981c294273f0def33cab8529c6a2f89fdb059bfd988b63eebb2aa4fc5205

    Download Submit

  • \Users\Admin\AppData\Local\Temp\5042.tmp
    Filesize

    468KB

    MD5

    961ac9f96803ca12ac43ae6f71807d80

    SHA1

    b912770dcee630339b5a6fc9e1d3d4ba3ed27d35

    SHA256

    33ce37a2b2beca51fef0a6225136a9b0e14303df5f8ffe82bcc60765730611da

    SHA512

    d6c2feaf02d19826ec3e1100e35c3d5d653154946ba852772f6c7b2c86f14a636de8981c294273f0def33cab8529c6a2f89fdb059bfd988b63eebb2aa4fc5205

    Download Submit