Overview

overview

7

Static

static

3

e6ff3ddff3...6c.exe

windows7-x64

7

e6ff3ddff3...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 16:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6ff3ddff3c367c4a70ad570a3e9976c.exe

  • Size

    974KB

  • MD5

    e6ff3ddff3c367c4a70ad570a3e9976c

  • SHA1

    00c3d8cbb6256f5423821199c604650e66c23483

  • SHA256

    a4444f0a097571c48c67c9be12830d11f37313afc17b33e713fcbef3ecd34672

  • SHA512

    2d268ab8d3751de695a8339ac5a30a8cc1f78f0318a2d55845cfedf74c289b78a4a96980a17dc2962779587cced1ab6f0f97ecab46f1302bc3a7f183eba0c436

  • SSDEEP

    24576:dgdhhQGGniba/WPpuvlBEaneHueYQFSMVpLV:dqj5s8+elYQFSMrV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\pce\znnpu.exe
    "C:\Program Files (x86)\pce\znnpu.exe"
    1⤵
    • Executes dropped EXE
    PID:2524
  • C:\Users\Admin\AppData\Local\Temp\e6ff3ddff3c367c4a70ad570a3e9976c.exe
    "C:\Users\Admin\AppData\Local\Temp\e6ff3ddff3c367c4a70ad570a3e9976c.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\pce\znnpu.exe
    Filesize

    982KB

    MD5

    a8663d7c60eaca4e2fb75a5490ba6651

    SHA1

    85a919dd461b0a6d73a0d949ddb6714fd3cde0da

    SHA256

    241769e2a8cc17760651c990d11f538c1ca6c6252c56375a81722f0acdd1e5f3

    SHA512

    e3b75a37601e212eb690340349ef30550b6f0895dbbc8a711a525ad404882a53d9ee852ba9e8f20ec387d338db2b20504215fceb3b249b46f846228b49147d9f

    Download Submit

  • memory/2144-5-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2524-6-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download