Overview

overview

7

Static

static

3

abdfa62b68...bb.exe

windows7-x64

7

abdfa62b68...bb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    abdfa62b68f71418edf662e7e87d02bb.exe

  • Size

    1.9MB

  • MD5

    abdfa62b68f71418edf662e7e87d02bb

  • SHA1

    8139616224468fe6f1cc9d7722ca648b143869a3

  • SHA256

    3faf21aab748b1ddae746802c781e6426bfbf592367100bce9ba230edc71f7bc

  • SHA512

    dde9f4f2cf35a66ce2e06e980e23889020a26c9e0077f4c1e3c7bc297ad339fef18a87f91e135aa0fdcb2486f162cc50c15b8a26bce0699f6b75662f4e94875d

  • SSDEEP

    49152:Qoa1taC070dtcyqX7a1rubUsFkryiIwoMXhWonlMQo7o:Qoa1taC0oqX7S6UTVhDno7o

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\abdfa62b68f71418edf662e7e87d02bb.exe
    "C:\Users\Admin\AppData\Local\Temp\abdfa62b68f71418edf662e7e87d02bb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\A1FA.tmp
      "C:\Users\Admin\AppData\Local\Temp\A1FA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\abdfa62b68f71418edf662e7e87d02bb.exe 7431F5CAC84126C4EF04F2CA1B8FC15B92119BD1181ACBE74A9CDAE940E707DC88833618E48129F273792C66689F1C267B938202F2FD89E0BC70BEDDA681253E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A1FA.tmp
    Filesize

    353KB

    MD5

    56c82346083f9af0afde8ca66417adfd

    SHA1

    95b194cd1099cbf063032c3c65c77826ac51faea

    SHA256

    b3b2b7ad40bb0a26ea40d05661b729b748d133678f17b9629a5e085ff3c5a873

    SHA512

    4f613c27071381e98a7dcd192eb3d8b75570aadcdfe490c46826ec215afc072b9c77846fb56aead54050617a9b419112587a929ff23e96dd1525f72a6fe89829

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A1FA.tmp
    Filesize

    512KB

    MD5

    6b936dbf34fcadf0cdd761cb5fb562ed

    SHA1

    b952ef23f1fc73c01ed6e338a57ef1fe2a41719d

    SHA256

    e28a08f219beb5e6e960bc7810ec469cf5c159dd2417d799a227f9d6c884d126

    SHA512

    bf041009fa3368a87c6c72155cf80fc93b539bb379b9d7741ee3850253ad6a7e9509ef82c20b7f6e1707ba20283a5bcd4ee2cca499234b96f44891a0c59a238b

    Download Submit

  • memory/2292-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2716-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download