Overview

overview

7

Static

static

3

0ceee04097...f4.exe

windows7-x64

7

0ceee04097...f4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2023 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ceee040978ed4d85b39c73173f431f4.exe

  • Size

    744KB

  • MD5

    0ceee040978ed4d85b39c73173f431f4

  • SHA1

    3b08b579755e143cf5effd74da0041fb0b401158

  • SHA256

    7b6270216dff19b969b6ab9c92d8ff7c14c712c67af2523e1f231d0e72762653

  • SHA512

    733d8d7e53241ae20db96fa102240ae0a8a0d658c1f12056513b5b75341c509de250a31ebf31350d7003d354e7d0e14c4b58cda89528fb82c270872ddc58c367

  • SSDEEP

    12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/7:F86IIW7uvmQBsHUezG/aYFkJR30F6rpW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\is-0NID1.tmp\0ceee040978ed4d85b39c73173f431f4.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-0NID1.tmp\0ceee040978ed4d85b39c73173f431f4.tmp" /SL5="$4010A,371795,121344,C:\Users\Admin\AppData\Local\Temp\0ceee040978ed4d85b39c73173f431f4.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1672
  • C:\Users\Admin\AppData\Local\Temp\0ceee040978ed4d85b39c73173f431f4.exe
    "C:\Users\Admin\AppData\Local\Temp\0ceee040978ed4d85b39c73173f431f4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0NID1.tmp\0ceee040978ed4d85b39c73173f431f4.tmp
    Filesize

    158KB

    MD5

    b20fbfa2c1a970e11e9c166f66eadce0

    SHA1

    eec46e91d3ea6c054ad02301023159a3a9eb86d2

    SHA256

    0b684f443c3f36f9d2690620c4cf8896f2f7969aed90a09d22063edd20cb3a7e

    SHA512

    0364f51f276387d580dcb1876246e3caa840e4af691881c4e8ee8fda3d97b343dccb3d46afde5370fb2c7a8432c11ea563fa9b91bd6ee792301bec081605a490

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-0NID1.tmp\0ceee040978ed4d85b39c73173f431f4.tmp
    Filesize

    49KB

    MD5

    44d3e3b2b83b94db675308efa0dd543c

    SHA1

    2625d9eae0c3da01b572bd8790eea239de2f273e

    SHA256

    49f926439c7b121530b0c17010c8229280f612611ae93449e465b807d876f5a2

    SHA512

    142905810d69410eb5ea1f00f3253f6c2e30519974290b86d0e5e56921667c415a2cd6fb24102c8f27bfd19b3b24551c668377af1ff8cca3ffce51671dec2c8e

    Download Submit

  • memory/1672-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1672-11-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1672-14-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1960-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1960-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1960-10-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download