Overview

overview

7

Static

static

3

f8f4dee912...e3.exe

windows7-x64

7

f8f4dee912...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 16:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f8f4dee9125e3ca3f27076a0ca627fe3.exe

  • Size

    1.9MB

  • MD5

    f8f4dee9125e3ca3f27076a0ca627fe3

  • SHA1

    54b6f79bcf212968082d73212798a74d02388f7c

  • SHA256

    72844caa103182d554650243b3497aa3ab99445ecb8eef9b7035d6ef1c2265a3

  • SHA512

    c3063e3e93b6d083f9fb8af30c16a25fd2b317877c276c56aa3c5c9af6d7985ebd33c3dfcdbd54c02387a191c9caaf3155983a38b4c0d78434d3a861b59a7766

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dCPl6gPDngAW/T8rsCu2YKDTRPvvPwmVbNAox:Qoa1taC070dCsgjuAPR5FPvpvJdiKz7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8f4dee9125e3ca3f27076a0ca627fe3.exe
    "C:\Users\Admin\AppData\Local\Temp\f8f4dee9125e3ca3f27076a0ca627fe3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Users\Admin\AppData\Local\Temp\A74C.tmp
      "C:\Users\Admin\AppData\Local\Temp\A74C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f8f4dee9125e3ca3f27076a0ca627fe3.exe DB965ED7169AD89A221AD26B4334CCDEC3259F8020AC43CCB7E53C4B436D5936E4CFCEE6D9E4C138F3629E1DDF6E1EA6BE28792D4686C62C5EAFD375BEA425DD
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3912

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\A74C.tmp
          Filesize

          1.6MB

          MD5

          9b7bc84d2d493f843f4bc6a9614e651d

          SHA1

          bb292efb7000ad11d6c8199c7260365f774d1fa3

          SHA256

          1ad282509143e3bad0541789fd55f80a214a9946f9441dfbd01d3ff3db400012

          SHA512

          a462b3011f73353665af39040c061d5f9779b5ef667b46fae6c8022518655970aea58ba01b1ea4bb361f16736f4033e4876c7f23e2717f6bb9252102c5075ce8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\A74C.tmp
          Filesize

          1.2MB

          MD5

          b0c5799c72160b93b50aa007c7597645

          SHA1

          a821af733b4d9b6bf684b0b846f3006bb24be2f0

          SHA256

          b9d91ac605a7b6371ec4b105baff801444ad3de49b97b58e39e6afdece0c7ccf

          SHA512

          3b4979ab6e3c0890ff44baf6858c619f7a4b3d6b1f73c063be06f5dff69406c5eda1e016800862d8901b7d772a18d434c7130961fcefec7fe68e3d415f105c16

          Download Submit

        • memory/1080-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3912-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download