Overview

overview

7

Static

static

3

0e0be25914...76.exe

windows7-x64

7

0e0be25914...76.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 10:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e0be25914df7659696550437c072c76.exe

  • Size

    1.5MB

  • MD5

    0e0be25914df7659696550437c072c76

  • SHA1

    d41af20047919b28ef7d7f0bc89626eda6fe4bd8

  • SHA256

    a4fe1a0e188f0f7f68d433b2487814587809bcf97f697d2fe93ef125f17f4147

  • SHA512

    8466ad752410c6e3a65238649cad00f5eae021e935cc5bfcad453054c8d23edb41fb083e9cb3bad33cfbeb5f8891f2de74580ca90e152ba71b189d1fec0f1d6d

  • SSDEEP

    24576:e9dG37Vk0R07Qanm9KalCNAO6+e3dnguICtXOm4c+N2jSlEFpyAUMCvp:lrq0R07QQm6Nvig3Ctem4celSvyAUnp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e0be25914df7659696550437c072c76.exe
    "C:\Users\Admin\AppData\Local\Temp\0e0be25914df7659696550437c072c76.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\1851.tmp
      "C:\Users\Admin\AppData\Local\Temp\1851.tmp" --pingC:\Users\Admin\AppData\Local\Temp\0e0be25914df7659696550437c072c76.exe 3BEBEA8A012236A8C4D7603111A7432FC09EC26C870E780C728163C40DF04ED045F68809925037A5AA3208531D459F4821B0224724ED42F42ADAF10ABF79CA14
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1851.tmp
    Filesize

    1.5MB

    MD5

    3f1b64fb858e31ea0e18cecf55fe6f08

    SHA1

    9406ea3cc17f32fadd1392f813d6a252aee48aa6

    SHA256

    cadcaa0b965b9e67069c2a6dc24d40e7d8aeb6c4e8142c5cba0c3f3c2de33a45

    SHA512

    8bd9e8532488a93b431e4315eb054a9b919cc5a12e9cc0f62406b6f93b0e51775f8ab30a71b41b3a5d305e241fc715cda6b873d48be34ce89cfb53a72043cbf3

    Download Submit

  • memory/2084-0-0x0000000000350000-0x000000000051E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2084-2-0x0000000000520000-0x000000000059A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2924-8-0x00000000008C0000-0x0000000000A8E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2924-10-0x0000000000270000-0x00000000002EA000-memory.dmp

    Filesize

    488KB

    Download