Overview

overview

7

Static

static

3

30a4c7dc5a...4b.exe

windows7-x64

30a4c7dc5a...4b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 13:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30a4c7dc5a8289c6a5f8ff72d556014b.exe

  • Size

    3.1MB

  • MD5

    30a4c7dc5a8289c6a5f8ff72d556014b

  • SHA1

    61a1e0a98714390ed2b829659bb85cf298859a1f

  • SHA256

    7fe029edc91aeca299da894d993961cc1b4742e96b2e2396303c6fe20e6da400

  • SHA512

    936ea6ffd2fbfd0c330343b98f1abcf0cc47eab2254b0f2bdd2af9fad611d9bb5049124d7c09c2288ed23a92b073301dbbeb5aa6e38ad22ba0f87fc4d3b27d9f

  • SSDEEP

    49152:Fvm22OdWOXqrbIyUJGK4LBqvtkBJKQZLg9efXMqUcwLVT5kUvgJSgHT6ojkxFbxx:5mSWOiIyU2BqChBMT/VLUjH5oxFbxx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30a4c7dc5a8289c6a5f8ff72d556014b.exe
    "C:\Users\Admin\AppData\Local\Temp\30a4c7dc5a8289c6a5f8ff72d556014b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4668
    • C:\Users\Admin\AppData\Local\Temp\6A81.tmp
      "C:\Users\Admin\AppData\Local\Temp\6A81.tmp" --splashC:\Users\Admin\AppData\Local\Temp\30a4c7dc5a8289c6a5f8ff72d556014b.exe 2AC748BCC52765464E631F7B003D655F521667C29BB3ADDD6892F66366708EC16D85A5D3510BA1572607A0CC40705B015ABA959B7D45972BD0CEA79100089AF7
      2⤵
      • Executes dropped EXE
      PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6A81.tmp
    Filesize

    3.1MB

    MD5

    f8295888e7a216cb93a77a783c962c0c

    SHA1

    f4686f37f9deffbb5413c611d73af3736337309a

    SHA256

    25fef2427eb8d91ee9f4937d3728236194b42d2b75535a86b2f1be4bce277896

    SHA512

    d5641d5c54be15a50f48dc286768da57adaee8ae2569b245295b407170a96efd681489a44f8fb05046b834c01a25ddd1932c10040cdfcd9ad26e4e5cfb0247a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\6A81.tmp
    Filesize

    3.0MB

    MD5

    6e790c2ce8210933520d5b86cefbf827

    SHA1

    dee484fa258ec543b5d092c1b3910a9802e33dc0

    SHA256

    62bcd11f56d630f6163e9f721efc796d1422379fd8e7539306a9dceb8fa956d9

    SHA512

    66cfdaa8cd691b3800f8400a35a1bc46873da24689ccc6f46d442af509304247eaf9c8c979520edf681601553c0dc9eb5df9909589a55215d7f1479d517f43bc

    Download Submit

  • memory/3936-5-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4668-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download