Overview

overview

7

Static

static

3

a8b77b1b6e...68.exe

windows7-x64

7

a8b77b1b6e...68.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a8b77b1b6ed4b83f95a46b9911094868.exe

  • Size

    1.9MB

  • MD5

    a8b77b1b6ed4b83f95a46b9911094868

  • SHA1

    0bed3d70e04ddfa5baef970679fb236d7a0a7ed1

  • SHA256

    bff4eb5c5c34b3f9e49260a51c8f47cc365d71108a179d6854c338a3c8024fa3

  • SHA512

    445fb84fa024b1d7ca1559f5cb4b16469397027cd1ea12456063413b328913c40ff87a45cc22b90e78141287b7898e6786134b6967d4935048bcaee9e86d9210

  • SSDEEP

    49152:Qoa1taC070d+PFJs+jWVZCAa3e5r3HOFBeLl:Qoa1taC0x36cAau5rHOFil

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8b77b1b6ed4b83f95a46b9911094868.exe
    "C:\Users\Admin\AppData\Local\Temp\a8b77b1b6ed4b83f95a46b9911094868.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Users\Admin\AppData\Local\Temp\97AC.tmp
      "C:\Users\Admin\AppData\Local\Temp\97AC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a8b77b1b6ed4b83f95a46b9911094868.exe B98FCFEE093261CF6CE00D7E84B17082C6BDEF5800F2B71E79BC57CBF6ACE29AD449E8BBB5A7D5A1DDE5B8D4FAE7E0E0986505AC7121745F0F782BA0DDADA9EC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2396

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\97AC.tmp
          Filesize

          1.9MB

          MD5

          8508bed5e9cd1aca8c7e7edbba97b775

          SHA1

          7538b572fdd8453e0d7d104dd8202536a61c3c8c

          SHA256

          cef8e356b50a3ef99160e634d44f598e9401cd4be022c17165649e2474ffbc09

          SHA512

          ea1049ebd6be4352fbd0df0cc1b1862bbf1ed84778756677723cb696d0333fc60d75757bdf39196ee36ba396ab276e453058738e40dae9fe60435804f594a265

          Download Submit

        • memory/1624-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2396-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download