Overview

overview

7

Static

static

3

11a56168ea...e2.exe

windows7-x64

7

11a56168ea...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11a56168ea2c5b42befddfddb5b33ee2.exe

  • Size

    1.9MB

  • MD5

    11a56168ea2c5b42befddfddb5b33ee2

  • SHA1

    bbcd7e0e996ca427e924926f8599be379277b63e

  • SHA256

    04cd27539c0d4b1a10e8380ed0c89391d2a4b65111622fef5fa857ac5aa9f999

  • SHA512

    136af0334bb0b49209d370038b7a73f41e767650349334e69116bad3bdd74f51d49b5a07f3cf84624f56bef02f13118f3d0ce5c134a2993e8b6b3c63c58ef3cb

  • SSDEEP

    49152:Qoa1taC070dQAVQcjOo3WLs0BT0QpsxHtHv:Qoa1taC0jo8p0QpsfHv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11a56168ea2c5b42befddfddb5b33ee2.exe
    "C:\Users\Admin\AppData\Local\Temp\11a56168ea2c5b42befddfddb5b33ee2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4624
    • C:\Users\Admin\AppData\Local\Temp\3D76.tmp
      "C:\Users\Admin\AppData\Local\Temp\3D76.tmp" --splashC:\Users\Admin\AppData\Local\Temp\11a56168ea2c5b42befddfddb5b33ee2.exe 66CDA3B478A5F43C24557A9B22540BDA692CBFCDE1F2EFAE72BECC40E54713E56FD0365B5B4AEE3B38ABE991A356F11BFDD6E881348435A7ACAD567B49F6D9FF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3D76.tmp
    Filesize

    366KB

    MD5

    374060b7c0288da1db10c05bd2934ab7

    SHA1

    f6964511131edae4c7e7e97ea53356b1a36ee440

    SHA256

    45f8eb0163ccfac3ea276b5a8cff79dd8604995a223f35af4a2d19b08413f737

    SHA512

    9213ec7d4c141c2b46a48676b519549f05576dc3c1d9a291c6be4ffe7cd6a023a2e02f6a2a5d7d693c886fad143fe7c1823a07dd1715fbbe280c0cfe6c1b23f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3D76.tmp
    Filesize

    330KB

    MD5

    da513c0d5384e109421cc28750d6ec20

    SHA1

    bfcc1b8f1b7d760c1f2aaf2d91a74e503fe45aad

    SHA256

    f027cd68262eea6ab02b2bc3452658a53b49060e30c5ce8e42abe8e8f23e4535

    SHA512

    a41816e31758581d7d06321245496980353c2f01a88aa6957308e3da9755013cdf65aa37abe8c16ab49963e0ff036d6bdf43af0872647a2d80733eb14361765b

    Download Submit

  • memory/460-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4624-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download