Overview

overview

7

Static

static

3

53cbe137c6...63.exe

windows7-x64

7

53cbe137c6...63.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 02:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    53cbe137c6c37f83c60e0d64a8f78463.exe

  • Size

    1.9MB

  • MD5

    53cbe137c6c37f83c60e0d64a8f78463

  • SHA1

    b19193ca5cce3734060ba58b731c473bbc5b3cfa

  • SHA256

    b9876ea2485951ed0c7548a5b9dc09192c5306741128b9725aba93a6bba4da59

  • SHA512

    f00acbca25be86783b4ebec3b6d67d79f3375749c44fca8e6339b6bcfefc47e517dcb073ff6534173d19993732925f770225f614e95de14908c12de52001d1bc

  • SSDEEP

    49152:Qoa1taC070dSnpPUJSsUWsChL2G5Do9uyQ/Dp26v:Qoa1taC0wCx4CG5DL/Dv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53cbe137c6c37f83c60e0d64a8f78463.exe
    "C:\Users\Admin\AppData\Local\Temp\53cbe137c6c37f83c60e0d64a8f78463.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Users\Admin\AppData\Local\Temp\64BC.tmp
      "C:\Users\Admin\AppData\Local\Temp\64BC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\53cbe137c6c37f83c60e0d64a8f78463.exe 0A17E1B2B73D44CEF6E8616B39324AD8EAD11D88CB1748525B1C6B53128ACBF7C4EBB751A35774B1FDFE324C6E25DD8461055A476E4EC76175AC772539DD01DB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2872

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\64BC.tmp
          Filesize

          1.4MB

          MD5

          17e32392550e080457b0d932ce12db57

          SHA1

          27a0b2db107b20b2cfa2edd58310288b72cd8477

          SHA256

          c31398095bfa1dba442ef4495b198018a7a503ae5a795671956093e2a9a81d6a

          SHA512

          805a9349b00405217ec4e48fb92afa52fc7d14b70cbb29686fb648dfad1f51e14b37f8dfff8d03d49cbbc5723757d6fb06af531d4f5fb2d77e68ffa32d4c92a7

          Download Submit

        • \Users\Admin\AppData\Local\Temp\64BC.tmp
          Filesize

          1.1MB

          MD5

          3af3fed3551663f8b9780fa806380f34

          SHA1

          ab1b393fce9e9e523d904fb5d4b40887c879e273

          SHA256

          ce3e23f1dd2650bc5676e456d085c0d2da3c2a03462e215b6d4cd14661b19e0f

          SHA512

          5b5c03ab9cfa441ba50cdd3872d28ca2df4062b6d8ab5a3680d432baf27ad40a10077e67670cd7e8957210ce3d2efec33176c0a84d9f17ff01910db7bf2851ef

          Download Submit

        • memory/2872-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2948-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download