Overview

overview

7

Static

static

3

e065441a23...5c.exe

windows7-x64

7

e065441a23...5c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 15:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e065441a2363a5563d1a77c8d282dd5c.exe

  • Size

    1.9MB

  • MD5

    e065441a2363a5563d1a77c8d282dd5c

  • SHA1

    b369266fa0a69476093dbb57ae35911e673bf25c

  • SHA256

    273a7559d8d14d1be316a55ca41ead4b2bf7d8a623564d4b048141195f453d0f

  • SHA512

    7d575eba7744ba85329a6a7bc941a2d956877614753c4481c02227888774e16fb9ea7cd0f7515cc458f0d85a686dd912c4bb0b700d36225288962d2e3eae068c

  • SSDEEP

    49152:Qoa1taC070dQuka0iDnmAdlV8JtptojTzi:Qoa1taC03uk/R28J3tou

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e065441a2363a5563d1a77c8d282dd5c.exe
    "C:\Users\Admin\AppData\Local\Temp\e065441a2363a5563d1a77c8d282dd5c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Users\Admin\AppData\Local\Temp\4F78.tmp
      "C:\Users\Admin\AppData\Local\Temp\4F78.tmp" --splashC:\Users\Admin\AppData\Local\Temp\e065441a2363a5563d1a77c8d282dd5c.exe 159ED83013F7019EF1D0975178BA3E9C71E21430B59AAE381C3B7615819C66A3A027F6FEC0F7064D922720B7BDD873C224CCF55828908909BEBDFF5C122C4598
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4F78.tmp
    Filesize

    889KB

    MD5

    8085c181cce4de9cd5bb66523d0beef0

    SHA1

    c036710241450327aee2247580037bd2f3f75428

    SHA256

    3dd20beae6c62b52cf70f2d9d0df1e7be59e1c0a95feb40a3302c9b484bf1afb

    SHA512

    78aecc64057136fe08c35fde6e98ec637fe49411d4f998c418a9015e0433638209162a3c03fd71d98bc32a4510b2ea9c4bba36a98a44c31e67efa7e3ba6567c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4F78.tmp
    Filesize

    1.3MB

    MD5

    fb0193b04636823cbe48b9f8700f3141

    SHA1

    8100de5d01c195f1ccf079c96ec160328c97285e

    SHA256

    9ab961980de4dd12fb0eb7aeef06ba54afa7317a231076b3774989628dfd06a2

    SHA512

    c338e6297e24c2d10a45f9892318d2d146e9720febe5cb6e8b81493697a0a180c2103988a077e6595052ed8f780acd13cf82e6bbddfe6f2616936e463f0a79a9

    Download Submit

  • memory/2696-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2712-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download