Overview

overview

7

Static

static

3

d693ec14d6...50.exe

windows7-x64

7

d693ec14d6...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d693ec14d65b7ee99084b633fb7a1650.exe

  • Size

    1.9MB

  • MD5

    d693ec14d65b7ee99084b633fb7a1650

  • SHA1

    fc993988a34a5368d65e1be441bc164cd7bb15dd

  • SHA256

    66492d1e132c76903eb0309c0638803021b23b0f6fd3abdf8534913fa33d7114

  • SHA512

    22cc2b1306c8999819d39e29f78ccdd21674c6993a0b33413886eb6397fab4680f547033d4baf07722aa65bd9196ef7d8dcf6d911051d600e988c98e400131c9

  • SSDEEP

    49152:Qoa1taC070dd6F2FVy9I8Jf0X1qVYMcCokQSOCz:Qoa1taC0e6F2T9+0HMmrm

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d693ec14d65b7ee99084b633fb7a1650.exe
    "C:\Users\Admin\AppData\Local\Temp\d693ec14d65b7ee99084b633fb7a1650.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3352
    • C:\Users\Admin\AppData\Local\Temp\920E.tmp
      "C:\Users\Admin\AppData\Local\Temp\920E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d693ec14d65b7ee99084b633fb7a1650.exe D7C47CF49FF715FA2366893CD397BD7E2EBCA7888E0DA734E1BB0CA2D6520099969628AA3FF543BD9B11DE4BADFD232D6C7D527D96FDE266FFE52296B3258DFF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\920E.tmp
    Filesize

    1.9MB

    MD5

    8dc45a4a56df3adc1adbe32af595b78a

    SHA1

    889d6e4567d58516ac4f99f8960a52e5879f1bc1

    SHA256

    0364934758c7fada11e50a3039c8526f86fa706081b7a87a299ddddc6d9de934

    SHA512

    a15ae9ddb81f0c7f309cff9fe5a546cf03740b99a009b5c6db4e4a96fabb74c2c58368e37bb6a36cae66e620ecb1e784930a2e7c1c82be39546021848577357d

    Download Submit

  • memory/2900-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3352-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download