Overview

overview

7

Static

static

3

0707e0f4bf...b4.exe

windows7-x64

7

0707e0f4bf...b4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0707e0f4bf56b01413a3401b72018cb4.exe

  • Size

    1.9MB

  • MD5

    0707e0f4bf56b01413a3401b72018cb4

  • SHA1

    330f02890cdf61ece47d701c049ca76f56a28895

  • SHA256

    217d472c95dc9acb14d109001979be42e5612c2875a2c33238ff8fdd40750da4

  • SHA512

    d3d457c6341f917df7f8d1d9ddd31b966dd6adc0c5040c9efdd83ba88eae4647952f96aa3deda5c727d2bf026a8017e06f9cb4fea8037f0307cd6d45a411eaae

  • SSDEEP

    49152:Qoa1taC070dOpQBxFLrE+VfsI4ggHTdabbhU30pqjiTBO08aZ:Qoa1taC0BATLr7VsI4ggz8hU33IBAaZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0707e0f4bf56b01413a3401b72018cb4.exe
    "C:\Users\Admin\AppData\Local\Temp\0707e0f4bf56b01413a3401b72018cb4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3668
    • C:\Users\Admin\AppData\Local\Temp\4A67.tmp
      "C:\Users\Admin\AppData\Local\Temp\4A67.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0707e0f4bf56b01413a3401b72018cb4.exe A61643E71197BAE8F250A62441BF0266E5F3E3EDA1AFA7D03F4385AE183BA16D63C524F3B75B4A0B772BD27558A6BD508318D670690FE8E9C8644FBCA18D189F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4A67.tmp
    Filesize

    1.2MB

    MD5

    31a8338b0786db5ecbd7b6916586fccd

    SHA1

    63f4b817dd442b218e8ca08a1a22644e3b4364d3

    SHA256

    b60cc8201b63ce9ad6102e72f2cca05408830999ea5a0cfdead28c1621a031de

    SHA512

    6519a82363cbcf7edaac567a030a4179a821201167f6074ba194b2f4994c955dcf75f217e6529b108b1ea06ee297654293782fa3aff75afb8aa976c23d041a9d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4A67.tmp
    Filesize

    927KB

    MD5

    acc740c5876237072455ce9fe06544ef

    SHA1

    0b5e520df867d35c5bfbbfc63a93a4c8777b4d4e

    SHA256

    6ca92e421888b9d240c374924369f3b50ba3ffea9b56aa049800a1303a94bf2d

    SHA512

    41af6d825d348199e31db07062c5b35be8b0c56d04dc94df0b4dee6e36fbd668ac679329a256034ce3b43ef163a044808826dd06dbfeebf98c18923522b00166

    Download Submit

  • memory/3668-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3980-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download