Overview

overview

7

Static

static

3

fbe14f1bba...79.exe

windows7-x64

7

fbe14f1bba...79.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbe14f1bbac4bd9a706dfc4a4a349f79.exe

  • Size

    1.9MB

  • MD5

    fbe14f1bbac4bd9a706dfc4a4a349f79

  • SHA1

    0d009ccec199849d2034ace1cd145fb27cdb8089

  • SHA256

    1b800b272412928d24c21bce57863980c71b1574b31c547f698d86cf3634d742

  • SHA512

    211cafa7cf8d7e709fa45fd6278da7ba53248d1141fd69a4b9078448e809dbb4c8dda906343594fb68fa5f5423669bc813cf857acbe2cd90816521c20a04210e

  • SSDEEP

    49152:Qoa1taC070dslxWGiIIgjMburPIuzj75RF7kHvu6GbCve:Qoa1taC0UajbTI67qm+ve

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbe14f1bbac4bd9a706dfc4a4a349f79.exe
    "C:\Users\Admin\AppData\Local\Temp\fbe14f1bbac4bd9a706dfc4a4a349f79.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4248
    • C:\Users\Admin\AppData\Local\Temp\4A09.tmp
      "C:\Users\Admin\AppData\Local\Temp\4A09.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fbe14f1bbac4bd9a706dfc4a4a349f79.exe CA4960A1B5041ED7F3ED9275F17F412B649E3BFD131D7E7C603A4B6511CA121D9677DDD4EE0FAF29A1F2921EE536F08126A06F0181AE0CDDA19CC6B1DEFEF274
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4A09.tmp
    Filesize

    904KB

    MD5

    46d9c6bd28ce46ed62228c8468518a2e

    SHA1

    93c5c89fec85abe07086aeba5b41cdca478335c7

    SHA256

    29c5b938f4d90282b4de886642880924e91a6b80133c110ffafea388d24705a0

    SHA512

    0ac2d3bc40861b54e5b155186cdf900b2f626eb55b408a47d7403c477f961496fb0294ba399fb2073a20722aed60ef59dae464598db5ebe30b7f54a17ac6e54b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4A09.tmp
    Filesize

    384KB

    MD5

    002d80923d72bd312046cd6ae6d5bf24

    SHA1

    e8d319ac5ea8c19795997b2cf07b370aec3fb3c4

    SHA256

    7edbde5382ce980107021819e939229e65bbea14b00189986e7bc2268d14146a

    SHA512

    14b0207c9c7a705c19c64a1f0fb4445f61a207835e0f91978496f4bacd1ceb4bb9d58539066dee816513e46d688c4ef7b879fdbd389914cc912909ea8b90f24e

    Download Submit

  • memory/3396-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4248-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download