Overview

overview

7

Static

static

3

0060e73785...70.exe

windows7-x64

7

0060e73785...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 02:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0060e7378565fa546c476088d1dab070.exe

  • Size

    24.2MB

  • MD5

    0060e7378565fa546c476088d1dab070

  • SHA1

    6ffe2934859c783b4530b6a3de9f2bf2ab90649b

  • SHA256

    4e627f0538ae13dae4d8e5da82338be4db321c495829e54bf01802d3a07c8a55

  • SHA512

    c236df4f6e3a8724284e06a0c7e67d36f3264384ae8fbbbf2fc3d8bba43e3ca5a831bd04b86a33a15b82dce645021f78690f9442cae14dc92d8a2a77ad0bcee6

  • SSDEEP

    196608:1B1IIE5SQz4YOQEt962F02KeaJZu8I6JqvJWV0dw:qsQz4YhEt42jK7g8XJjCy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0060e7378565fa546c476088d1dab070.exe
    "C:\Users\Admin\AppData\Local\Temp\0060e7378565fa546c476088d1dab070.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\is-07NCN.tmp\0060e7378565fa546c476088d1dab070.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-07NCN.tmp\0060e7378565fa546c476088d1dab070.tmp" /SL5="$70126,24380297,132096,C:\Users\Admin\AppData\Local\Temp\0060e7378565fa546c476088d1dab070.exe"
      2⤵
      • Executes dropped EXE
      PID:2772

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-07NCN.tmp\0060e7378565fa546c476088d1dab070.tmp
          Filesize

          742KB

          MD5

          797a2450ad378c2c8c9ce7499a14c4c0

          SHA1

          82902a6a26e9cf94dbe2e78bd847935bd38ca87b

          SHA256

          35737a1b421f0d63df6e4aee4c970897feeece9f3b7da8a174bb2d2593893db0

          SHA512

          eeac15db483fcc4eefda61ab7e646a0879c4015f6852ff531c6cf85a7c65c7c6d5d73b81470161304f7a2a762687910031da2f3346333f5246f661513f096ed9

          Download Submit

        • memory/2212-0-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2212-10-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2772-8-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2772-9-0x0000000000400000-0x00000000004C8000-memory.dmp

          Filesize

          800KB

          Download