Overview

overview

7

Static

static

1

0e6d0c2ec1...dd.exe

windows7-x64

7

0e6d0c2ec1...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    79s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 07:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0e6d0c2ec1afb21714dc4f73aea67fdd.exe

  • Size

    314KB

  • MD5

    0e6d0c2ec1afb21714dc4f73aea67fdd

  • SHA1

    720477e3668c4a06b66c94f9f297e0dc76afa963

  • SHA256

    1351cbab329691404ed9b6ba7b032e8449cfc7f7d7ff4b71f6df7e5945a70952

  • SHA512

    a694c4a58012e73c71e6f9ae61bb041148987c9f4783b505934390b9df47096f837622f2ece4003f057d31f0e95c27a71cec7ea9b255a7ec9b32fac98c839e1e

  • SSDEEP

    6144:I/QiQP9mOtLIfrFGzFlXnqCgiYRSbv0jS0mm3Yrkcz5KWcInG:QQiG9mOFIf5C6CglRSbv0jSg3E5KlR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e6d0c2ec1afb21714dc4f73aea67fdd.exe
    "C:\Users\Admin\AppData\Local\Temp\0e6d0c2ec1afb21714dc4f73aea67fdd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Users\Admin\AppData\Local\Temp\is-3FH8I.tmp\0e6d0c2ec1afb21714dc4f73aea67fdd.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3FH8I.tmp\0e6d0c2ec1afb21714dc4f73aea67fdd.tmp" /SL5="$A0040,68730,61952,C:\Users\Admin\AppData\Local\Temp\0e6d0c2ec1afb21714dc4f73aea67fdd.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2976

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-3FH8I.tmp\0e6d0c2ec1afb21714dc4f73aea67fdd.tmp
          Filesize

          696KB

          MD5

          90597dd289d801c37937be1a66a8d9f5

          SHA1

          7e4dda1ea3eb253d90eed4a10a575419c11215ec

          SHA256

          3bdd80d7f44989b4ead00de7e6aa59b42aaf8a8ed9563034280cc2a94cbbd1fd

          SHA512

          6a67cb5742dde11367ea4e545e1847a691733226697c34d85c09deed334d22a3533df9c93b0ae79de7cfe224177905ef223d816b65cd7ec101791efbe09445e8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-G25BN.tmp\CABSetup.dll
          Filesize

          13KB

          MD5

          3d91bea9d89869061efc426bef33b5f2

          SHA1

          856b1667634dca1667ebb7620453e0fb2bcfd6bd

          SHA256

          dd03d2188b904aaebe6b07d2053d83452a21310c5ed65d994f733e8100de9af0

          SHA512

          a0110f99ed4156d855d940d4fdad7394145c77185397ea7b136f41bfcb9a2c67c3048d6b7b50143e18b2c721dc019fd400e8dabec2fdb2379b7f342dc4cf363f

          Download Submit

        • memory/2976-7-0x0000000000660000-0x0000000000661000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2976-19-0x0000000000400000-0x00000000004BE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/5040-0-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/5040-2-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/5040-20-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download