Overview

overview

7

Static

static

3

1e5bed3fca...d1.exe

windows7-x64

7

1e5bed3fca...d1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 00:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1e5bed3fca71ec3725501ed57958abd1.exe

  • Size

    84KB

  • MD5

    1e5bed3fca71ec3725501ed57958abd1

  • SHA1

    35315bd7139460da6f95afb5027a598f2a18c628

  • SHA256

    37629da3d01cd8d11cd659bc956367d99c050735ecf407795bb9703fd2aedf1b

  • SHA512

    fc8ca09ea7939501c6d015a09d8b44e9e0bad21e2b58d68f770baf217b26b8d68b107438c77f1ea74e077b0b46f1db63bbdb35f335764def6316c80479cc1188

  • SSDEEP

    1536:N8SsCAlbzvuBtyqzGiW6BqV/AYieZiyAHKc0BmWW8rKBlqMtBN/n9AEZ:Nq1lfsZzjW6BkAZeZhaGBNj+BlLnlAEZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e5bed3fca71ec3725501ed57958abd1.exe
    "C:\Users\Admin\AppData\Local\Temp\1e5bed3fca71ec3725501ed57958abd1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Users\Admin\AppData\Local\Temp\1e5bed3fca71ec3725501ed57958abd1.exe
      C:\Users\Admin\AppData\Local\Temp\1e5bed3fca71ec3725501ed57958abd1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1996

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\1e5bed3fca71ec3725501ed57958abd1.exe
          Filesize

          84KB

          MD5

          02dc192ece847a7d7ba370daa168bf1f

          SHA1

          f81c77c14344cead97c972839da9b6ada7db736b

          SHA256

          72bd108a86896f2b135dc4238c5d693dd4b6f645510f070e64d861ea5895325b

          SHA512

          20941202c5cbb21384a53768286a3e139abd65827a245de7adf7b3862dd0d1226205ce2f654db841cb5437c03adce36dcf0ae9d71b9407a9ae281d9b4f0ab97e

          Download Submit

        • memory/1336-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1336-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1336-9-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1336-14-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1996-16-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1996-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1996-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1996-17-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download