Overview

overview

7

Static

static

3

c96a3626b2...cb.exe

windows7-x64

7

c96a3626b2...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c96a3626b2f444249013d7744c2db1cb.exe

  • Size

    1.9MB

  • MD5

    c96a3626b2f444249013d7744c2db1cb

  • SHA1

    617c32d55c4913e55997e605e69bfd27a87e9443

  • SHA256

    c14e4a16c81c21c2577d33d0d0ad748dfafa52ae1c619dff2da1566cab923142

  • SHA512

    6d9e1aaaaf1f330aee3978f4a83d4cb208b262183af1fc5aa9c1b23ec35904eb15ead31ec3a278d4b5370262d35e801e02b6f20b8a2ed7a604050019696dda57

  • SSDEEP

    49152:Qoa1taC070daZMSyE93VhPhhUiActKI8q:Qoa1taC0NZMvE9taiAcYI8q

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe
    "C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Users\Admin\AppData\Local\Temp\4D93.tmp
      "C:\Users\Admin\AppData\Local\Temp\4D93.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe 5C555D9B7B54F9A8D65029D5372282D538C34EFB91D3D8EA6AD63A8038DD7F71BC3B4CDFAA87FC4C3057C12DD6281B27B46CD4081DB3BCBF72AA9973471B0EEC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4D93.tmp
    Filesize

    285KB

    MD5

    c4ada422f1d70ececa679f547357f217

    SHA1

    558031ee8f2d39f895d587eac5cbb21ce194d8c3

    SHA256

    f6d849c06edad863ee5330669ffeb0e121d0216b67d5b512fc8842c530822f5c

    SHA512

    78467650be9bbf218a12eddf9204b8021af20c24c4845483c509bd3e90d8d506439f5d461c39e8ff8d799c4ffaeb8d5459b0dfa2dffb1436693cda89706277ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4D93.tmp
    Filesize

    164KB

    MD5

    5886abb936293ac28a5b9c8078a9f3fa

    SHA1

    2daf783b58ceed05c9df282cfe80e21dd053d9d5

    SHA256

    45192581092f4d6455050c3cc709ccfc75ad0f25e8e8e037329a762db942ed6b

    SHA512

    56b463b5c7a3e53c95b758af126d259222b2b2f01c1fe5e45b710eb02a87242a3a68a1725ca06180ff4f7115a5a8452e5c545cb534cf7670147b4f1d5519c61b

    Download Submit

  • memory/2268-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2696-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download