Overview

overview

7

Static

static

3

0afebef166...eb.exe

windows7-x64

7

0afebef166...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0afebef1662b7c98e35215b9f8c064eb.exe

  • Size

    1.1MB

  • MD5

    0afebef1662b7c98e35215b9f8c064eb

  • SHA1

    0f7d13097edc10130dc1ec00ab8cedcd73cf02bb

  • SHA256

    18e2becfddb9389884cfcd173b33d099adacf7fd069113c6c0da088a96868245

  • SHA512

    0f854d309dcb5973fc68a902750af6aeccce2bc7e6eff17372fe156c4ca5e5ebe43f29eacbdd1ac86f68d3cba751d4aea5a060578d25cfcc3bb532a1eaddf259

  • SSDEEP

    24576:SypW9SgLNZaOdcTMuUvxIg28VZLZaVCkeZTMnV8YwiU:St9SgLNZa6xIOVQCDTMnVjBU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0afebef1662b7c98e35215b9f8c064eb.exe
    "C:\Users\Admin\AppData\Local\Temp\0afebef1662b7c98e35215b9f8c064eb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Users\Admin\AppData\Local\Temp\4DA3.tmp
      "C:\Users\Admin\AppData\Local\Temp\4DA3.tmp" --pingC:\Users\Admin\AppData\Local\Temp\0afebef1662b7c98e35215b9f8c064eb.exe FF4A857D3D7ABFA1652CDC8EC4E892D50C348D11ABDA4EE909AAF06C3A5ABD3D0B1EEA2A82DA5892E14F0D150D6453DD392750E7273902ACDA62F8CF5E82D799
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4DA3.tmp
    Filesize

    268KB

    MD5

    ad6dbdae5d90b72c58a6af92de5e868a

    SHA1

    2a4a4ce3aa70b733f8886e549a3d5a73a33fcc01

    SHA256

    94f7429dac794dbd66fdbb44f4149cd47997242f9794ad25838cb19697074731

    SHA512

    44da42d1fb90bc8721d2a39e217f87925fe77799832cb595281fbf14e54d06fc407607ef102547272e22db74f503a46a232ae73fa2120ddd8d7eed10315b85cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4DA3.tmp
    Filesize

    277KB

    MD5

    9709c7c2ab86826dfa754385a18e69a5

    SHA1

    deb4b22f9089d6ab19185ff9399691d366da9618

    SHA256

    f6984ced96fe815ab472eda8e1bf4531e5d2c7df99786ab439906bc73b5de932

    SHA512

    249bfe7ab348ef85692262ed9bb34543533a66063ae3d4c1dd76ddde13258f75469d4e346ceee6230f663ab5951541202c3b3f65ade3cbe9916a2107885155e5

    Download Submit

  • memory/3624-7-0x0000000000E70000-0x0000000000FB5000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/5040-1-0x0000000000900000-0x0000000000A45000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/5040-0-0x0000000003110000-0x0000000003160000-memory.dmp

    Filesize

    320KB

    Download