Overview

overview

7

Static

static

3

16c51ee3db...f0.exe

windows7-x64

7

16c51ee3db...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16c51ee3dbde5f9dc4eaaaf1684b3df0.exe

  • Size

    1.9MB

  • MD5

    16c51ee3dbde5f9dc4eaaaf1684b3df0

  • SHA1

    fe53a5d14171a31b856749d2146f3cc6f8416cce

  • SHA256

    b73534f99021541936e849008a5a49162ae7862284f52d2f44ab42375ffa2ef8

  • SHA512

    4db8ceeb4b622f9cc63e7ddd95bfd6da525144e3e948266a71d5d061a507c5b9cc4805675baadaed1220e72560e5a8ff4286fb85fc8d9c46e396b62cb10baa61

  • SSDEEP

    49152:Qoa1taC070dQU06DfVB0l1Ch/bwiHoOZsuF+mcw:Qoa1taC0Y06DfnwUbwiHXqvw

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16c51ee3dbde5f9dc4eaaaf1684b3df0.exe
    "C:\Users\Admin\AppData\Local\Temp\16c51ee3dbde5f9dc4eaaaf1684b3df0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Users\Admin\AppData\Local\Temp\4371.tmp
      "C:\Users\Admin\AppData\Local\Temp\4371.tmp" --splashC:\Users\Admin\AppData\Local\Temp\16c51ee3dbde5f9dc4eaaaf1684b3df0.exe 4BE7823955E3AA9763B6AD5FE635C3DF3C35DDCE74502B334B6BE50DA637A00810AE298BCDBF301E487F86CB374F4DEFA68C25AED940B0E4092A0CCE8E2DBE34
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4371.tmp
    Filesize

    1.9MB

    MD5

    0ed63f94b62580ea2cf96541b111e6ce

    SHA1

    15e7cfe34680f0a093c252fb2dc4765ebd1bf0ec

    SHA256

    2861166ca621da382d41731c113d4d18d89d32ca1b354d8aa55a737830ed4711

    SHA512

    ae525e329ee56cffff2930fa1384ec64d40a68f60d88abd9bb2d6a48ebba21503cce1eed2082d97c10a8dcd8a4de40f628a6769087a3dc5bc754f38ae1655393

    Download Submit

  • memory/400-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3228-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download