Overview

overview

7

Static

static

3

a25a524932...bd.exe

windows7-x64

7

a25a524932...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a25a52493270ef36bc961fb726904dbd.exe

  • Size

    1.9MB

  • MD5

    a25a52493270ef36bc961fb726904dbd

  • SHA1

    1f6778e5a5b4d9bb131510c90a55e6f15985b836

  • SHA256

    da5f2d592484132b1fb2f9746a6f5af6424800097752988c15d3d4e62f679f23

  • SHA512

    682661186561a8d62fe1f55c6890d8e039edf1795083cca97deec5d47c2c2a9ce1358f7425b85c7b61820b47c9bc3c26b7eb117e8a205ef076497204d4e755fd

  • SSDEEP

    49152:Qoa1taC070dWQaIkLFatVcpMsp3PHJDVFfaT:Qoa1taC0RQaICsLAMS3flaT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a25a52493270ef36bc961fb726904dbd.exe
    "C:\Users\Admin\AppData\Local\Temp\a25a52493270ef36bc961fb726904dbd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Users\Admin\AppData\Local\Temp\4F0A.tmp
      "C:\Users\Admin\AppData\Local\Temp\4F0A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a25a52493270ef36bc961fb726904dbd.exe 84436A7D8BC80C13873BD092242F45ACAE6E607AB755606800D6E92FEC3EDBF7C0F08D63DBDAC68CF05D1D787EE3D50ED75664D0529A82E6B1E5FB7D76FD4534
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4F0A.tmp
    Filesize

    611KB

    MD5

    da1f3db0829475eb15d6cce9e15a8c8f

    SHA1

    087b433bd056a5de9cf0abe02dee32895682104f

    SHA256

    c84230786af13329558803bfb8e789c742f28b943ca4580cdbe92f490ce5e5b0

    SHA512

    e6e23507c4ed743ba5d83d86573d28e193449e3b8ad84b1af970ad4fc3f5ee7166afa4422b5c4a595f2e9e1bd8481bc2feb9212db5f77998db1a92e077105604

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4F0A.tmp
    Filesize

    590KB

    MD5

    3c3662a091f60a72598e631bcd684229

    SHA1

    e782e920dff37e09a5e4ec71f032a6490afadd2f

    SHA256

    99175fe701b8d45d48d8e829f50ffb86379d901b2a67f10066d4d1987a54dffe

    SHA512

    bdca02f3c8dd163c5e68a39f324cdbde868646b7c49c8cc6afe8f67318c4ee3ec98b92277afdc61c91347abd41fd1a9931c106ba490b723995c174b73f8c40c8

    Download Submit

  • memory/232-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4032-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download