Overview

overview

7

Static

static

3

4cb414aec5...d4.exe

windows7-x64

7

4cb414aec5...d4.exe

windows10-2004-x64

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 15:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4cb414aec5ce5e74a08c44144ec9dbd4.exe

  • Size

    1.9MB

  • MD5

    4cb414aec5ce5e74a08c44144ec9dbd4

  • SHA1

    53352a33a7cf01bedf093e5aaceb8fd3762d6c82

  • SHA256

    421bc33db1d9737cc0ea92759124e822a6caa7611560433796e172765671e8aa

  • SHA512

    52fe7a76705c4dfeadb0040c7a9ad9bd54b1f35e0b81e9beb7e8c3b2e9c307b11ebf2ee6606cd71576285d07db0ea0fc5707fa3a03ba76b021e6b2488379dbd6

  • SSDEEP

    49152:Qoa1taC070dBP0NiRbeCtZZsex/HzbeGv:Qoa1taC0q0glZsel6U

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cb414aec5ce5e74a08c44144ec9dbd4.exe
    "C:\Users\Admin\AppData\Local\Temp\4cb414aec5ce5e74a08c44144ec9dbd4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Users\Admin\AppData\Local\Temp\1A06.tmp
      "C:\Users\Admin\AppData\Local\Temp\1A06.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4cb414aec5ce5e74a08c44144ec9dbd4.exe 46576A88702F40A4E1B8A7C2DE64A9A704BA0C9F6FCB636BBA4009C95E73FEBB18D4A96DBD14F4007CA65C429CC041A9604AE1123957EB3BE99A706A356F4A1A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2264

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1A06.tmp
          Filesize

          1.7MB

          MD5

          3e57665dd57d78c3c5b34f9027d07478

          SHA1

          e6eda1321ea2fae5454f4b2da3dd7556528a8bb9

          SHA256

          d4d9df1cca99cddb895709976691bfcddbe15551726d631d5f492f1e3d04381b

          SHA512

          a3e648cf335e56c09101126a1bc37c62f059a2e7c00a678f5a6e53cad7c50121f3e447bf9f12fed7706b246a2acafbfa3a8b67c0781844442e1845224b3b0f4b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\1A06.tmp
          Filesize

          1.9MB

          MD5

          0fc9e8c6867959b79cd701bc82e4456e

          SHA1

          be7608846f0855148d0a77a5767d4ff49fa48ddc

          SHA256

          e3e3465dde03e39ef5f68ba3d9570bd5f9045cf5ba971ced3cd05eed0488616b

          SHA512

          27e035c55364cbdcc89366711de51482ca35b504c7a411996db69151843ee72e9b7217d2dd96f2d4cf09bd4e5f5b818f1c5423192b69c0432f31168c9837d669

          Download Submit

        • memory/1576-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2264-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download