Overview

overview

7

Static

static

3

db5d63a4a6...3b.exe

windows7-x64

7

db5d63a4a6...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db5d63a4a63177417cd816b42dd7a13b.exe

  • Size

    1.9MB

  • MD5

    db5d63a4a63177417cd816b42dd7a13b

  • SHA1

    be8386b5dcf0b37f116254d82623dd09e6ec7ade

  • SHA256

    cefb7d6d9415cffff9556ef2d21c30fdcddfeea36d62d0eadd414b7370a4ea71

  • SHA512

    ce31d51654f2431b42fdf06388e650dd4f4a3c38b52785255c9a8afbb3c45c4c4b3488efb4193829bf346434ffca8319d129d816b1ad0973e6c4a556f7306b42

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10d0nyoAnsvS3P+g5BivN+Gd6h9MitAoFObMj5V:Qoa1taC070d0BAnRPTYdSltCb06bF0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db5d63a4a63177417cd816b42dd7a13b.exe
    "C:\Users\Admin\AppData\Local\Temp\db5d63a4a63177417cd816b42dd7a13b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\AppData\Local\Temp\9EA1.tmp
      "C:\Users\Admin\AppData\Local\Temp\9EA1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\db5d63a4a63177417cd816b42dd7a13b.exe 55AE3C2B4C3AF1D924BDB2FB8759C6AA04B3BC42443B0B86E75049FCB91ECE120C4BFE823AE94CE17D3614C18862500C0730E697360ECD471F47636991D8496B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9EA1.tmp
    Filesize

    93KB

    MD5

    65d49b98e0992a93f5c1bb22d4553a2c

    SHA1

    39ad6486265557a44fe3df23764fbce2eae349fa

    SHA256

    a2099b456f513cdb5347c438c8a48c095d504cd9e7a75618959424f593ac4f2d

    SHA512

    28d9a135e6426015dfa1e9c92e3e13618312c99da6ca35415cb2de758dbadd59f8a1086493b60e0ce274c52db620a02fb144d35607d0af6283722f4895732663

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9EA1.tmp
    Filesize

    69KB

    MD5

    68f9808b65f63043a5aae58ac2c2991b

    SHA1

    7d754a0499780e747ebafb3a3c5660c82fa660f2

    SHA256

    96f9a1854b55acb6e78618f42180da2260b9ca387d8aab2faa4e87b71175072a

    SHA512

    ed695ff187b7e2240cc5d4851eaa34ae5f6be9e245214e31965b723930b4383622bb7c07d108a925f936c02778a9a0aa69c8a981cbf5e243dd2052721d51a984

    Download Submit

  • memory/2992-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3032-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download