Overview

overview

7

Static

static

3

9031fbf2a3...f7.exe

windows7-x64

7

9031fbf2a3...f7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 12:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9031fbf2a38a2a986f3426db6c58e3f7.exe

  • Size

    359KB

  • MD5

    9031fbf2a38a2a986f3426db6c58e3f7

  • SHA1

    9c9dc1aa36402b607c9931fa08a0161c02cbc58c

  • SHA256

    5331dd9b16a69cdf59bddaa0f791ac8664bc762f6084755d0cee680b092e36e0

  • SHA512

    01afe18dafef15dde65a0fc3e072cdd6afcba57703ea779aab7bb5d9a48861b38797818c819e1350beb87582b22b840cb290fe2cc736f62ee4e375941f3fbca5

  • SSDEEP

    6144:PbVswff0hvZrA2WfPsGfdFqfH5sI8Y6VUbqSKJXi9I1+LIr0pp9fY8K/4Tgu:PbVstZIfPsGSBNbqSKJXi9I1+hdKQTgu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9031fbf2a38a2a986f3426db6c58e3f7.exe
    "C:\Users\Admin\AppData\Local\Temp\9031fbf2a38a2a986f3426db6c58e3f7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Users\Admin\AppData\Local\Temp\9031fbf2a38a2a986f3426db6c58e3f7.exe
      C:\Users\Admin\AppData\Local\Temp\9031fbf2a38a2a986f3426db6c58e3f7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:1380

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\9031fbf2a38a2a986f3426db6c58e3f7.exe
          Filesize

          359KB

          MD5

          a4aeddeb3548ff5824020178cc98d875

          SHA1

          f534f7d7b4714e375c3031b46b2a011f0611462b

          SHA256

          6169662fe793e1654293e0c5a05e8c4d61ce9987c050145dd1db33dbb51f4164

          SHA512

          4cb74920e85db64a903f911835fc4714e9a5cd1f27a45a8d799c3f418079bbba9e895b9fee6afcd0507900d501da14893f5e7b2337d82332bd6424e75b8e9ed4

          Download Submit

        • memory/1380-11-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/1380-12-0x0000000000220000-0x0000000000255000-memory.dmp

          Filesize

          212KB

          Download

        • memory/1380-10-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/2992-0-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/2992-8-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download