Overview

overview

7

Static

static

3

0a97de258f...63.exe

windows7-x64

7

0a97de258f...63.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 10:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0a97de258f891a24a54a42ce834a5163.exe

  • Size

    1.9MB

  • MD5

    0a97de258f891a24a54a42ce834a5163

  • SHA1

    682abb3df202627a975b43c0f0de1af7cfc9f9cd

  • SHA256

    026365d4b8fe23d15de4594c3d52fa59415d0167762b77e71346806660e180ee

  • SHA512

    e11a58a55bddb690b8368e5b7f62022006f7a3b4d40f0afe9b83c117385b5bb9030ba1063a072b02716efca5ad4d2c0a9c8f4d1feeef3f1f086193908458a5c3

  • SSDEEP

    49152:Qoa1taC070d44PAHOSuXFCIjNi+geeiLXXAP:Qoa1taC0aPKOSvI0evX6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a97de258f891a24a54a42ce834a5163.exe
    "C:\Users\Admin\AppData\Local\Temp\0a97de258f891a24a54a42ce834a5163.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\8759.tmp
      "C:\Users\Admin\AppData\Local\Temp\8759.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0a97de258f891a24a54a42ce834a5163.exe 33ED7FDF7B56584E18BFB60D6168CC966DF35A7E2962D1FA7699E2F9A66DEF3B62D87A345692FC92E8C45DF0930A386049F9B200E0801140B5FF92754B0F5916
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2732

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\8759.tmp
          Filesize

          1.9MB

          MD5

          5c92e0ae4fb4c378f0a8adc08b800145

          SHA1

          8b4deb3bc026c5ac20beee2482716bb9ec676aee

          SHA256

          560ea2d0247f114b9f183c7c091ed9f4c6a6562d17a1f59e3dac4a47f8909400

          SHA512

          b0f91e278dde13e70077d78c66ec1868cfb058a76b5af2639397d49282e2b4035523a9eec36d0d63a8230c32c4f226c9b2e89aa672127e5ba18c60c7f864c7c9

          Download Submit

        • memory/1728-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2732-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download