Overview

overview

7

Static

static

3

8119840f0b...45.exe

windows7-x64

7

8119840f0b...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 09:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8119840f0b1af24f6c6d5db98c8ed045.exe

  • Size

    1.9MB

  • MD5

    8119840f0b1af24f6c6d5db98c8ed045

  • SHA1

    970c9ce198296873fc8cd227f15447bc1173b009

  • SHA256

    02f34b43d6134a162fafac250913596fd374228ae36fc0f6f78bc6506cf9b40d

  • SHA512

    9e66c9eac48ff20e2d3154eeb4f33d3a806970974768290101b4dfc723476404399e8cc941fb541312dc9d0c5b6d1a0ebb96dfc7810e8c622c9ce3708e8457b2

  • SSDEEP

    49152:Qoa1taC070dXCZNmC58K7xXqEW4gcIP/Mubo:Qoa1taC06Cj80xXq9F8ubo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8119840f0b1af24f6c6d5db98c8ed045.exe
    "C:\Users\Admin\AppData\Local\Temp\8119840f0b1af24f6c6d5db98c8ed045.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Users\Admin\AppData\Local\Temp\416E.tmp
      "C:\Users\Admin\AppData\Local\Temp\416E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\8119840f0b1af24f6c6d5db98c8ed045.exe 76EB93304A11B3AD1B120D52B6233A1E1B8CB6BE7B2CD8F0E427E2062318B68D8638B1DE83386F95CADA297A2367E7F5ADC87219E253BD6F61C625AE647AB720
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\416E.tmp
    Filesize

    230KB

    MD5

    ee7d2e9bd19b086ddd0d4424772f0aa2

    SHA1

    468b171e8c031703db4c42441c60648459736aaf

    SHA256

    bb52e74f749d8b7429939ae1e55c735a2f2bbe966e4f6f6bcc28c603fd7e3505

    SHA512

    3c0aad0636ef18772b044ec069696ce0a75b7a4802dbe01773eca8ad2460605c5c5ac39e858655922290270e6ff868f11735a0582ec9b1d13b57461995131fdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\416E.tmp
    Filesize

    314KB

    MD5

    47c5ffacff14af577762c12ed5447f13

    SHA1

    7369080cf287dcd12baf26f7ded528aac27e9b3b

    SHA256

    16d9c2823564024d623c18dfe5dabfe20701849eebeefc86d30ddf115777642d

    SHA512

    b72f69c84de2efa3fd8db79a21aff44dd775e5685c0e103da20e83fe26b6dad70ded96d78c6e3320087ec2f6754577aba62783f7517ec6413e07ea0faf9ec035

    Download Submit

  • memory/348-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4416-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download