Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-12-2023 14:44

General

  • Target

    c96a3626b2f444249013d7744c2db1cb.exe

  • Size

    1.9MB

  • MD5

    c96a3626b2f444249013d7744c2db1cb

  • SHA1

    617c32d55c4913e55997e605e69bfd27a87e9443

  • SHA256

    c14e4a16c81c21c2577d33d0d0ad748dfafa52ae1c619dff2da1566cab923142

  • SHA512

    6d9e1aaaaf1f330aee3978f4a83d4cb208b262183af1fc5aa9c1b23ec35904eb15ead31ec3a278d4b5370262d35e801e02b6f20b8a2ed7a604050019696dda57

  • SSDEEP

    49152:Qoa1taC070daZMSyE93VhPhhUiActKI8q:Qoa1taC0NZMvE9taiAcYI8q

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe
    "C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\6567.tmp
      "C:\Users\Admin\AppData\Local\Temp\6567.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe 96AE55C9AA04F559B9ECF38FD5CE32F3FCE8A5E30F8AB7ADE17E03DBFF3038C47B4CFFE4E1BB6E54E34B899E7C7974A4008C5707AFCB5DB15C6FC043FF3A200A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:400

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6567.tmp

    Filesize

    110KB

    MD5

    d80ff4a760b29e61af452221ce3b2e7b

    SHA1

    ca529ea8dd00099ee28dd5e189693ef88c4c621f

    SHA256

    d696467fc7f21d48b496ca07ccce56886c98ec70853194b39c924f91a9bda547

    SHA512

    59dec8c6d466fb70560532e93ecbda15eb4d6ae797a52fa4aa9345d556bfd11f880e5786984f1ed9b64dc9112227e9652e2a0515608eb9799d74e4388a53853d

  • \Users\Admin\AppData\Local\Temp\6567.tmp

    Filesize

    262KB

    MD5

    5eef5b6b9ecc4314a865ad8ecb88c7f3

    SHA1

    271ad25e2bc2de1eb0e69ced7ad16ac96657a584

    SHA256

    141f2b9c19f2006e5511137253e8ab3b671d78565b97664544a9cc5bec526506

    SHA512

    18c25a65a978b56757e081bd5ef36ebc91d0453944bc72af3c9ecc8d953063ef9973bb01e104abe56b1e777aa0fa4f92bf5f71097f5932a3182b29de04ccbdb9

  • memory/400-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

  • memory/3000-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB