Overview

overview

7

Static

static

3

d4f1cc02a5...90.exe

windows7-x64

7

d4f1cc02a5...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4f1cc02a59e8c5ed19c42040a5d4090.exe

  • Size

    1.9MB

  • MD5

    d4f1cc02a59e8c5ed19c42040a5d4090

  • SHA1

    90013904a2ec5bcc60fa05e3ef78be1305ad9495

  • SHA256

    3e90870d09d8b58b37b081a4ea54c6c8cb0dffd064c8c852a39c2a11d705a70d

  • SHA512

    50e9af361a7f406a8736e19b2814151f5f00498cc992c87f318c2871842210dc247b0070758bfc2b7b1185767dc8294644d6a0f6c3f04711e1092e9aa397df61

  • SSDEEP

    49152:Qoa1taC070dsYdz+NzfuRJuFlnEWkrO6sN:Qoa1taC0Kdzsz4uFCWf6M

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4f1cc02a59e8c5ed19c42040a5d4090.exe
    "C:\Users\Admin\AppData\Local\Temp\d4f1cc02a59e8c5ed19c42040a5d4090.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:764
    • C:\Users\Admin\AppData\Local\Temp\515C.tmp
      "C:\Users\Admin\AppData\Local\Temp\515C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d4f1cc02a59e8c5ed19c42040a5d4090.exe 35C96A2897285FC94686238B18DEFDD7B02A1EFBD8B7326FC82303C5C7CFA8E2BDF329521A7A27BCD21044F54AF5FAE589C09CD874A8318C10879A54A8E6D39B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\515C.tmp
    Filesize

    99KB

    MD5

    4f3bfa2f49f00a874fd7c9cf06ee9b1e

    SHA1

    a35c8573a34746a43b269214732a05f728cd31c3

    SHA256

    e48d82094f024d0f9ca4f369b6a64da1bc7bedfda8091133e734f40e4c2ef02a

    SHA512

    89525a25b7bfec7939bddc2ecae374f64e6586499085d70f6ce42b124fa4d5372c7ef2408255c7abf055c7fd4e47b3e792fafe19817d1c182a79c34830a46349

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\515C.tmp
    Filesize

    114KB

    MD5

    c4760bf07c3d84ca9c3c1ccc506bd34e

    SHA1

    dfb00781760517e501887d4640b4d4f31d1df1ae

    SHA256

    5b027face129c01b00e8f90c8691157ced1813c8c1fbf4ea5700a9cbcce986e5

    SHA512

    d2b973c06915cad0abd468c033c5f980735d75e4ed41193d30af226fbb9773628b9cde7d6969541a44236f8a426c2fe10dd945ff2c0f47a7c57e2a2a1ec8bfe9

    Download Submit

  • memory/544-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/764-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download