Overview

overview

7

Static

static

3

1d5d04da3c...3d.exe

windows7-x64

7

1d5d04da3c...3d.exe

windows10-2004-x64

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 12:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1d5d04da3c417e79709b8f31addfd63d.exe

  • Size

    1.9MB

  • MD5

    1d5d04da3c417e79709b8f31addfd63d

  • SHA1

    173c62eef749342f458311537d877929ced42efd

  • SHA256

    2bdc1e135386e4c57fdf6062fed5f6c6d731a8d5d5203e6264d31ba7435a714d

  • SHA512

    0cba3552819a684b1af13068ec7a06afb14af07b21aff021c366c37dd2c38a964d6610e9d03ef80539fb50c603afa0c73717cb590d9c685b55eb5955afb4ec63

  • SSDEEP

    49152:Qoa1taC070dFU5H6gaiz43bPRffC9460kF:Qoa1taC0MRXy4jo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d5d04da3c417e79709b8f31addfd63d.exe
    "C:\Users\Admin\AppData\Local\Temp\1d5d04da3c417e79709b8f31addfd63d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\EB0.tmp
      "C:\Users\Admin\AppData\Local\Temp\EB0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1d5d04da3c417e79709b8f31addfd63d.exe C5506E96EE44E11CB5FBA466AA193DE23297B7211FAA9CCFA0A87711A117B43B659791778BB3E5322A5703BBCC1630ED5F1CCA7CD79116BA6903AB4D55C1D8D5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1888

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\EB0.tmp
          Filesize

          1.9MB

          MD5

          6e1d682d12174e7ff2660d0013ff9b25

          SHA1

          b53f65d724625280123e6d9d90433f7acdda2d26

          SHA256

          9c8644e6359005bd7b014c969df41f6b97d27bab7a534d420bddd90ed38fc5a5

          SHA512

          7723afbecd372caec3d43edb7bf11a55d70a069748b8dfa3954987a26144f60ec30f0afd154406c84b51b24831f27990b7adbd519119a0bcd20b9296885f60e6

          Download Submit

        • memory/1700-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1888-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download