Overview

overview

7

Static

static

3

06506a33b1...7f.exe

windows7-x64

7

06506a33b1...7f.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06506a33b14f58ef9c29a688c6b9f67f.exe

  • Size

    155KB

  • MD5

    06506a33b14f58ef9c29a688c6b9f67f

  • SHA1

    2884d79db4c9580b4160ea47ceee678b7582972c

  • SHA256

    75fd6b0331e47564a0f71d0adea87a07ac55462f7955df3b5b91caea6c59983b

  • SHA512

    e0602f0d2c8abf1aecaeaabfb8423c4ff5742f7b9510b7704c710f71e0e62f1538dfc326ab58776b67dddedb79db5b26304f84fb7291242f4924a3c405b57727

  • SSDEEP

    3072:/uv2RLe0Py9jCngy7xA6gJNQqMuvNYD/5SnQ+drVe2TGyMW2+8G5ojviuSct:/qCg9jUdeJNkqLQ2bxl5ojv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06506a33b14f58ef9c29a688c6b9f67f.exe
    "C:\Users\Admin\AppData\Local\Temp\06506a33b14f58ef9c29a688c6b9f67f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Oxp..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:1856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Oxp..bat
    Filesize

    210B

    MD5

    07b8bdce40e4acce4e56782ecd873dcb

    SHA1

    f1b3fb0bcef7899fba19568e635164f8c241e18f

    SHA256

    3c9fcac6ffaa722ad1a7a1d415e65b6046cad79a4a21ad17a5d516997d952912

    SHA512

    f0bfed08db3ab2ac055ac4637971206d83211fd394c2551935be68b3de327cd11c34cfbb7caee3c4e052af7b64f0eb993b518040567c5efd0f7827a4498ff402

    Download Submit

  • memory/1680-1-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1680-0-0x0000000000120000-0x0000000000138000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1680-2-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1680-4-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download