Overview

overview

7

Static

static

3

f6f8bb3325...2c.exe

windows7-x64

7

f6f8bb3325...2c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6f8bb332506dc7d7257c1cfac71602c.exe

  • Size

    1.9MB

  • MD5

    f6f8bb332506dc7d7257c1cfac71602c

  • SHA1

    faa58c230c13c3e19b5f4fb40717137d60b0f3bc

  • SHA256

    ca3265d6605a2f988a3920bf033a0da2549d7582ef762a6cd956de703b6d99e8

  • SHA512

    69ac8df59f3e68b75ac21a9d402e52429d490ffc1b376cd94dbb54f5370a956288df7e0df6ed3e90418476c4d7821dff2a19986896047a015a4ba23fc37f827c

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dA/iD9ng+6BDb1oetiywWc+R+402YZ0ZkA6Va:Qoa1taC070dA/iv615LkWtE9oOJBW9Mi

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6f8bb332506dc7d7257c1cfac71602c.exe
    "C:\Users\Admin\AppData\Local\Temp\f6f8bb332506dc7d7257c1cfac71602c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Users\Admin\AppData\Local\Temp\6B1E.tmp
      "C:\Users\Admin\AppData\Local\Temp\6B1E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f6f8bb332506dc7d7257c1cfac71602c.exe 7ECB98312B1DF5F434C6BE98D935E3F5922002A4B25A395D79137A3992EB7D09F903C80AA4DA1FA40AEB1D500BF1E01CC1345BC22F54A1EA4DF7266DD9F873C2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6B1E.tmp
    Filesize

    1.9MB

    MD5

    208f440e803a4b229bbe2f95f41c672e

    SHA1

    4e04d9a2b1f65a46183b552a566df5df8abe0331

    SHA256

    025eb0b369a381777eed7cf2740e0e739b2e3c66aa15e94ee3981c3f6c8443de

    SHA512

    18815e0c72710a01bfbfc68afaf10405dbf205a251cd34148bfd83de7b3c83cd6fcbdd9908f3ade9cbadb3a025b6253d41f551acceb7c6c3a6b2d182e9cdee87

    Download Submit

  • memory/1804-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3056-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download