Overview

overview

7

Static

static

3

58ecff2885...f9.exe

windows7-x64

58ecff2885...f9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58ecff28856a0633b41322f0daaf5cf9.exe

  • Size

    4.2MB

  • MD5

    58ecff28856a0633b41322f0daaf5cf9

  • SHA1

    49bb8912ea7a2b18b1225f511ad46499ac2bd589

  • SHA256

    db759699f769f2cee68c3f62113e630ed207da0d34de76f444c61aa64e7b4bd1

  • SHA512

    86e82c45df5945d503f6698a8b5d5963f55a4bfc21fe96b5720711d566d7075cc92192f9ab022f4174532a12411483c6b67102ca3dd620bcc45bd6e8c1c60f5a

  • SSDEEP

    98304:emhd1UryeS5BtQjdr7jVLUjH5oxFbxCVLUjH5oxFbx:elZp7jVUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58ecff28856a0633b41322f0daaf5cf9.exe
    "C:\Users\Admin\AppData\Local\Temp\58ecff28856a0633b41322f0daaf5cf9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\68DC.tmp
      "C:\Users\Admin\AppData\Local\Temp\68DC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\58ecff28856a0633b41322f0daaf5cf9.exe D730E3AD6489E801573C56814C0C41C2325CE9BFB1ECBBBD6E07C80B5D6D2A6E082F06322D99EA9330DADACE07B80F966EC95F36E150CDEFB8F34CC3EB9345C4
      2⤵
      • Executes dropped EXE
      PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\68DC.tmp
    Filesize

    4.2MB

    MD5

    f446f8d06a4c5f8a700be22768e54817

    SHA1

    bdbbf9c8ddacb1824569690114d257c2a616c314

    SHA256

    4884226bac8fcad62dd0eff62c1e8f5414c0e186f596a60ad6db22f32738b53f

    SHA512

    1cc80079d77353cfb50e9ff22ab3b7898f6cb7e58d8081fa4ef6154866d8cc1ff9d2b1a2a42977a1b0e292c9552fd4b0a85a829f21b467054bc0a560157d8b3f

    Download Submit

  • memory/1308-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1628-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download