Overview

overview

7

Static

static

3

3f9ad72ce5...fc.exe

windows7-x64

7

3f9ad72ce5...fc.exe

windows10-2004-x64

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 14:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3f9ad72ce57ab3d0c5062bb0938454fc.exe

  • Size

    1.9MB

  • MD5

    3f9ad72ce57ab3d0c5062bb0938454fc

  • SHA1

    10826716f394879cbe7b3400836fddfab0bf5060

  • SHA256

    cf3676e19e3f86e1c5127131154b7bd17a6559a818627f982c8d8dded21d70b9

  • SHA512

    4d6743b399aecfc6ca5193d907610b83bd2919086ee1dbe98b5510e759c757ece1924ba52a3c097200d240e71b3715268ffd3758de3446c66ca395710355f1c1

  • SSDEEP

    49152:Qoa1taC070dN0MbsW1kV3UHYxG52fUFTVcbU40iu:Qoa1taC0BwsW1klMYAuU5Vcbh0iu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f9ad72ce57ab3d0c5062bb0938454fc.exe
    "C:\Users\Admin\AppData\Local\Temp\3f9ad72ce57ab3d0c5062bb0938454fc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\Temp\929F.tmp
      "C:\Users\Admin\AppData\Local\Temp\929F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3f9ad72ce57ab3d0c5062bb0938454fc.exe F9FA0948E1B1711D017DEBC9D6ADCF1DF72C0D3611D8F0E5FE4022140AC8D326E3C01AAF47B7074DBA81482504A07CCDF5FBF8D20D41047F93C5634BC25F500D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2972

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\929F.tmp
          Filesize

          1.9MB

          MD5

          5b8e7509f19302299d0c03ce0fc9f30c

          SHA1

          3d15c1f7f43b452479db9ae1b25b1c212ded0a67

          SHA256

          b7b81410fd1386208f6b8b5c557ee18a6b6f1a821df0a1b8f6b9036f5a4d7a1a

          SHA512

          173ca2ea4c1da364364e2d3bd3e9047888451331f55f5b922133432bf6e544c57d3d6cf06ecf1e8b004751b4c7a6c0b80385010bb8485572b90768b350b59e85

          Download Submit

        • \Users\Admin\AppData\Local\Temp\929F.tmp
          Filesize

          1.1MB

          MD5

          ea8eabd19280c642d8cb90964cef7de6

          SHA1

          e4d37671eb8311d7698a365d788a25a9b9dba1d5

          SHA256

          b198fdbb27139b22f441a18e53dffcfb9610d6b763845dce87c92385ab59811f

          SHA512

          723dd895b6a33a288e49ed94c934a548b6a68ecd2f21727522453bc0e53a656ef480715fc5e24e20f5d07d3072f1eee5dae462bad78a09216bad366e25f2dc4e

          Download Submit

        • memory/2288-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2972-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download