Overview

overview

7

Static

static

3

011dfd81a2...3b.exe

windows7-x64

7

011dfd81a2...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 14:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    011dfd81a2a12ace81deb58f85f64b3b.exe

  • Size

    84KB

  • MD5

    011dfd81a2a12ace81deb58f85f64b3b

  • SHA1

    ee2f298a615edfd41c6a1d34eabe97edeb1e5be5

  • SHA256

    c172fa590cd1b6a1590f524559532bbc321761f0f5b60ff29c494c8615cea4f5

  • SHA512

    a6a76de72a50e9d5de771aa78fd28ceeb3e8eede07480345cdddc26fb0eabcf88766f4a2e3357a6dc2071cf334a9b53d14e565703ade5ae6f964b6871e12e04f

  • SSDEEP

    1536:jv/KlOTueV9Ja7igWONGVT7/P+CP+LLs/nA/yUGmvKfp1Q8uA6IN0sut+jBBDzBK:T/KlOTr9Jae3lpz+fUnDzeGQ8VrJnzDs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
    "C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
      C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4604

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
          Filesize

          84KB

          MD5

          8fdcff976136e1b52fc17e3e146d7811

          SHA1

          f6c3bb135b3f48fa6c6188424d1697185bd69f1e

          SHA256

          dcf4e76f0f7af408e8c1c76f8ea01fb7fe5818e91d88fcd5509b6d6fbb07aaaa

          SHA512

          db29bf3e22cd7c93bc5bc8a5d62eedcee726fd9535019eadb22f55bd7c8771acea251e740c6e94f2eb31d16923b88a4c059e0c7425a5716c873681002b81b185

          Download Submit

        • memory/1112-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1112-1-0x0000000001540000-0x000000000156F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1112-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1112-12-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4604-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4604-15-0x00000000001B0000-0x00000000001DF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4604-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4604-25-0x00000000015A0000-0x00000000015BB000-memory.dmp

          Filesize

          108KB

          Download