Overview

overview

7

Static

static

3

06e850a961...ad.exe

windows7-x64

7

06e850a961...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 10:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06e850a961a64f2bb5bb983bc8ae84ad.exe

  • Size

    1.9MB

  • MD5

    06e850a961a64f2bb5bb983bc8ae84ad

  • SHA1

    8755b9297ade149ba56372356a5761ac1fa6567e

  • SHA256

    d7016b4118dce6a43e518adc95cdbbecdf480a54111a0d942daa8b6d81e54c84

  • SHA512

    6e0e11b24ef2d62175e4446f895cff960790f61145003a1f52afab0dcfba39813d13345b53547b0ac2aa74e1f4499a75e101040041f3ed7bcc40bb7a8add1cf9

  • SSDEEP

    49152:Qoa1taC070da6E3vjy2/vhBPy8PWrky7g:Qoa1taC0QEfjNhHWrky7g

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06e850a961a64f2bb5bb983bc8ae84ad.exe
    "C:\Users\Admin\AppData\Local\Temp\06e850a961a64f2bb5bb983bc8ae84ad.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Users\Admin\AppData\Local\Temp\6DBE.tmp
      "C:\Users\Admin\AppData\Local\Temp\6DBE.tmp" --splashC:\Users\Admin\AppData\Local\Temp\06e850a961a64f2bb5bb983bc8ae84ad.exe 2DFCB8381A03C80769329EA58306C24C764A4245CDACBAB9CC4F1D6F5FAA8CE35F00917576B567FA332A5D3E99D384BB82A0ED4998F95767733CEC3E31D2EDB6
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6DBE.tmp
    Filesize

    1.0MB

    MD5

    55c7518520ef71a452d717c52755827a

    SHA1

    300c423bb5048338566d429a099a2c5831a9bbe3

    SHA256

    79b332093a396fa4a6cf79686ad4cfa1c7484b62fc448990111d95c6513c6bde

    SHA512

    ce974ada5fcbcf670f4758ae73645bc79c7b2b459616fa02dee2360c40f146484432285a5e17e9d993288755df49549e4015732fe77522595cddaeb06017d03e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\6DBE.tmp
    Filesize

    945KB

    MD5

    87cc2fb03a6454f865f807e393ccc2f7

    SHA1

    9187a38ec43beca8d724413eef064a3612839d41

    SHA256

    ebe49c8dfccc89756beaebf99d9905c1833957f67be11893e9e7ac8dff62c36e

    SHA512

    adc2cfcfd35a43d7fda257749072afc7b4e13743e94b52e5e1fa50dd77bdf3adfe4a4d6b9e8bb2e6ecf512648258692bfb32a0c52c2920918d676f2644419145

    Download Submit

  • memory/2736-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3204-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download