Overview

overview

7

Static

static

3

0c6d4bd5a1...4a.exe

windows7-x64

7

0c6d4bd5a1...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0c6d4bd5a19db31700469714bdfdb34a.exe

  • Size

    2.3MB

  • MD5

    0c6d4bd5a19db31700469714bdfdb34a

  • SHA1

    ab5e6545cb3b264aa0945e2cac38b450611f0384

  • SHA256

    4caa0a5fceaca58780c464f3575ec7ef301c8191ea24d6d66e7a5516dc13f23a

  • SHA512

    6fbae4b8c853f3b07d8cbcf5a985138b5f32dcf440df498ee1039339d00f60c6cc976252d9c85757187ac26f367a74c87e0a61f6d83e1e08a5f0c98cd6b87197

  • SSDEEP

    49152:dqgazxcGYN139lnk30ray05C9LF/1g80O:dqgazxc5H39ln2Ny0EH/kO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c6d4bd5a19db31700469714bdfdb34a.exe
    "C:\Users\Admin\AppData\Local\Temp\0c6d4bd5a19db31700469714bdfdb34a.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Program Files (x86)\klan\saz.exe
      "C:\Program Files (x86)\klan\saz.exe"
      2⤵
      • Executes dropped EXE
      PID:3984

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\klan\saz.exe
          Filesize

          270KB

          MD5

          6ed838a2666c4bafda5e43d109df4afa

          SHA1

          b63f00623d75dc083aef44a7fb723bfa4f773fd4

          SHA256

          370a96339f778d9197b794fec8c5efecd466c6d2ca99b37d1cc31376329b0eae

          SHA512

          d9bf90eca9a72481c15d2f48c87d118044c895eb576bb746d3a8acffeee12b963593a1e5ce97ba511201ad217245c2dcc747f2891f757c83ccf68747520e78de

          Download Submit

        • C:\Program Files (x86)\klan\saz.exe
          Filesize

          341KB

          MD5

          9e01fc75c272901a37fd28837aeccefb

          SHA1

          8ac5e7fed182eb98eaffa6b94d3d033247027d15

          SHA256

          62fb9f8aff42cb313d67de4045946a72f97b774bcc5dcdb28d9aa3e60945cc76

          SHA512

          0b8298dcc672aac03746fbee5a9142ff129e350fcac053a2cb8310f2323a2d72577888d9b3f00112e72f9f3561ec87f5ebf5b4fbcc7fc2695eed4b17ed075ffc

          Download Submit

        • memory/3812-4-0x0000000000400000-0x000000000045A000-memory.dmp

          Filesize

          360KB

          Download

        • memory/3984-5-0x0000000000400000-0x000000000045A000-memory.dmp

          Filesize

          360KB

          Download