Overview

overview

7

Static

static

3

d761d29e82...d4.exe

windows7-x64

7

d761d29e82...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d761d29e826fe7820afcca9b169a02d4.exe

  • Size

    1.9MB

  • MD5

    d761d29e826fe7820afcca9b169a02d4

  • SHA1

    e270c9967c992aa4e6d55e195793198f71b4481c

  • SHA256

    857b0ca80beaf9e6bcd6acd7fed0d656867f80ceda3438f64894aa18b1e715e0

  • SHA512

    217cc9ae5ebb8c910ad88d4c6e6de84dc2c5a7d0437cbab7ee78140c3d675e2af1d35da68c1cbe57e06d771c5afa16a852fd86dcc2064c7a0324dc91b13b13b1

  • SSDEEP

    49152:Qoa1taC070d2AXEE22Ojgv/wtaKW8DtU2:Qoa1taC0DUEY1wQKPDtR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d761d29e826fe7820afcca9b169a02d4.exe
    "C:\Users\Admin\AppData\Local\Temp\d761d29e826fe7820afcca9b169a02d4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\A3E.tmp
      "C:\Users\Admin\AppData\Local\Temp\A3E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d761d29e826fe7820afcca9b169a02d4.exe 5DE6B13480F9A21F0D2DA700B0CFCA1FF38F573AAF3E125DCD586E344B11A8DB9D45584DF3E81B04F9D8619B718D3F8C90A42BB38DC547B7EF4CF0FCAFCF648A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A3E.tmp
    Filesize

    29KB

    MD5

    a3e58f3dbb4faebf97e1b8875e3c708d

    SHA1

    bf7dc25155ba345bbaa2f601fe7eaa70c8dc5c7f

    SHA256

    39c7ea40de7c435303dd12911debade5d1fb43d10688020e5cc54bf15f8041da

    SHA512

    feb12b2fe1d4ae499b8e6c3bb7e2432d9cb9e95436a8ef351642952264b652c3292d79f8e8fad3502f233fc34762f2855d3fc77b7112af12c74070c7e59fbbdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A3E.tmp
    Filesize

    98KB

    MD5

    18363976aceb50057125e858d61c921e

    SHA1

    c72d6dfb8126b3cc9c42f69bb5c726ff94b973b4

    SHA256

    7d3604dc20e561f7892e81e9ba719e10c8ae4d19b3d023e361cebc205822ffb5

    SHA512

    55a4c7cef48f4fc929dbcaa848d587934ed7dc9adf5fd27948b4cee68ed3beb48d6b74b579f711a80f983ab188f4f2c369d3e2a0ce48688c21151c241417a73f

    Download Submit

  • memory/1108-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2992-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download