Overview

overview

7

Static

static

3

0d7872268e...38.exe

windows7-x64

7

0d7872268e...38.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 19:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0d7872268eebf547507767b47c0b4b38.exe

  • Size

    84KB

  • MD5

    0d7872268eebf547507767b47c0b4b38

  • SHA1

    c5e76d06d6e72bce8e52c3a51795a1a9d65882e0

  • SHA256

    bebab53fc3dd3fb7e1d934dc37e962872cd1bf92520a3d25f63d73d4f719fe50

  • SHA512

    cda891455fc4dbe5e8d2dd3f04670a6371a8f93b63ce9bcffc6c67ec72f4f4230647074f5be04b478e74abc151fb246a5b042d8d7c459dde36b975abda185e4b

  • SSDEEP

    1536:nBiQlK2CP6sUk2s4140SH9cGs1K/Yg9a8VEASlIR8D7wRkzVRN8/Ny8x9EJlt2O:BiQf0U7PSH9cQ19aUVSy8D7wRkzVX898

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d7872268eebf547507767b47c0b4b38.exe
    "C:\Users\Admin\AppData\Local\Temp\0d7872268eebf547507767b47c0b4b38.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Users\Admin\AppData\Local\Temp\0d7872268eebf547507767b47c0b4b38.exe
      C:\Users\Admin\AppData\Local\Temp\0d7872268eebf547507767b47c0b4b38.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2856

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\0d7872268eebf547507767b47c0b4b38.exe
          Filesize

          84KB

          MD5

          acb0cda0afc47af1b3fb55321d1e2e03

          SHA1

          47ba787d3795d7154e54bf3c63c860eb7467dbf9

          SHA256

          967218be507754fd07c6ee2a38b9b5a11c7bc63b5127340de1d9a392c3c20d6b

          SHA512

          6ba3d19c8c32d0089e697e7f50ee8a1a8382b688957a5911b9dd65a8d79c2be0387d59c91de3c4ba94a2bd762ce65d498a5e0224a4857774d64213276639627f

          Download Submit

        • memory/2856-19-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2856-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2856-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2856-18-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2980-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2980-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2980-2-0x0000000000160000-0x000000000018F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2980-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download