Overview

overview

7

Static

static

3

fb24a3e71b...3e.exe

windows7-x64

7

fb24a3e71b...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 17:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fb24a3e71b4bb78ad3e93a2f489d6d3e.exe

  • Size

    1.9MB

  • MD5

    fb24a3e71b4bb78ad3e93a2f489d6d3e

  • SHA1

    5dedfd1dc977c35266e756babc042dd4ddd0dee9

  • SHA256

    bbf035b73afdb9fd59190b2eb25fa6ed1cec171cb15b75768c41ebaa4a686ec1

  • SHA512

    86f06d9667f1cc754a96d8ff05c3a6a67d38e22e464f936b2a162a5dc892e0f97e9858a55206d6d9dae801c4d9f2651eff66f00f49ef4dbe38306dc5182a18c8

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dwGHeLYWSaX/C2egKZZu14Jp6DNgFYpYd4KPa:Qoa1taC070dwGHevegMp6JOuXPdJPN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb24a3e71b4bb78ad3e93a2f489d6d3e.exe
    "C:\Users\Admin\AppData\Local\Temp\fb24a3e71b4bb78ad3e93a2f489d6d3e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\8B2F.tmp
      "C:\Users\Admin\AppData\Local\Temp\8B2F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fb24a3e71b4bb78ad3e93a2f489d6d3e.exe 9603333150AD4BD8AEA40A59FD271033AB6B12D0B795592951668915A0E5CC6227AA65D9F0D73D4B371C2E0096402EC0E58875D6F2C3AED1A519F16A41DBA55F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2512

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\8B2F.tmp
          Filesize

          1.9MB

          MD5

          801ab44315cd2c8321d2af95a2eb1c70

          SHA1

          12d4f0359f81ea2b3820cf9c0462b26e76a03910

          SHA256

          fe7c432bacc321319862f64d250d445f10cba238546fdbe15170934f9e8b4589

          SHA512

          94d179adfe0708821303278b4a3831da4099c833895ae243c9ff3cc4be80f2741160ff29bc657dcd8a94d8f9942d3788def1be135d3849133aa6bea2bbd9ce63

          Download Submit

        • memory/2108-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2512-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download