Overview

overview

7

Static

static

3

609faf97b6...dd.exe

windows7-x64

7

609faf97b6...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 04:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    609faf97b61980cabee9d67585b0acdd.exe

  • Size

    1.9MB

  • MD5

    609faf97b61980cabee9d67585b0acdd

  • SHA1

    04032af40b7fdae130fbf5163b3137204b56c192

  • SHA256

    8b56d9f79fc95d02cc2e15d12227eccb7d479bedb9170cfa01163dcbfdff41ec

  • SHA512

    a2edd0f57e6090d769f1efe8154946b58863367942c9abb8acbe9728a6084b5a691aeec43e90567086e5c4312a087319354caaea263a957237a32e1967a71961

  • SSDEEP

    49152:Qoa1taC070dQm4xZK6BbQsFMjUfnB2at8nbHUFsum5:Qoa1taC0W4xk6BbQ3uB2atsb1um5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\609faf97b61980cabee9d67585b0acdd.exe
    "C:\Users\Admin\AppData\Local\Temp\609faf97b61980cabee9d67585b0acdd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\9434.tmp
      "C:\Users\Admin\AppData\Local\Temp\9434.tmp" --splashC:\Users\Admin\AppData\Local\Temp\609faf97b61980cabee9d67585b0acdd.exe F956999E462A716B598A88796C6427EF30651F518F04DC7E53650FBA5A06FC279E70B18C5AFF9DF786F23DD5F8DF7A680E13CAF3594C931712C9079F998F82E9
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9434.tmp
    Filesize

    1.3MB

    MD5

    402469d50a9dbd9514a62c9a05f9e374

    SHA1

    1d9802e84bbc291e100b8080e86ac288910b3505

    SHA256

    5511a470650a867846464e067069d02186470c6eab738e540494134919a86c06

    SHA512

    cd32cda2ce9df94f2ff1d217f8f790bf79a7429cd05f6c38af5fcd2189182c9e13bebbf722fe4a485165ca655eee0ecabf2d16f16a413028a4d81ec07dc2589a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9434.tmp
    Filesize

    1.8MB

    MD5

    1586c16b7df0cbf6923ca784e00251f6

    SHA1

    afec50ce5f258ebe64cd5d56d2c80e2d2b768e1d

    SHA256

    02d77d20dbb174869aadbd58188edf49205730aaf52cb757a46075a49304966c

    SHA512

    65531c6249f7dc87c0490c61c78840437336830513d1388fdd9dc7910c1b9995fc78720434f40b9ec305d66a22ff92a6fa05dd361a06c3a7cd2857cb5882b5d1

    Download Submit

  • memory/2180-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2688-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download