Overview

overview

7

Static

static

3

119c8c3419...d6.exe

windows7-x64

7

119c8c3419...d6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    119c8c34197a1b1b1b0b8a002d2d37d6.exe

  • Size

    57KB

  • MD5

    119c8c34197a1b1b1b0b8a002d2d37d6

  • SHA1

    32248f6a21fdbab3150dcbe91e761a5cca65a4bd

  • SHA256

    ea3e818b4ccacd56e876145e0011ff4a451f7c95ca4ebcea897289f96650ce03

  • SHA512

    4d258f271fbfdeaea7e8cb212c336e162dbaeab0d1e0e770448147cdac6008d8c3dd0efac4cbe54078d65e2f1aacb5e5bb5575b336a53c4fc1956e556347eea1

  • SSDEEP

    768:JPjJtYqJHC0qBkXvQz9j67RarlR10hHkBH5OWUmy54/QqxBfRZHvo7cSf2TL:JPl+qxVA9GRtkF5OWUH5+BJZwoP/

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\119c8c34197a1b1b1b0b8a002d2d37d6.exe
    "C:\Users\Admin\AppData\Local\Temp\119c8c34197a1b1b1b0b8a002d2d37d6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Users\Admin\AppData\Local\Temp\119c8c34197a1b1b1b0b8a002d2d37d6.exe
      C:\Users\Admin\AppData\Local\Temp\119c8c34197a1b1b1b0b8a002d2d37d6.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\119c8c34197a1b1b1b0b8a002d2d37d6.exe
    Filesize

    57KB

    MD5

    fed51447a90e6e65d1c7304958d004b8

    SHA1

    6c0cdf2002de7f0adf16df5966b9932082c20cff

    SHA256

    c42809d4c5bd90bfe1f20e11085e4c652c203bf56ccd4965db93b61e4e275b02

    SHA512

    f991313871d1fe42c564c80747128f3026036c025dad772768414571bb6f3f7c699576b238e581431476552539e4b70292893be4d94f24700cffdb97660129e5

    Download Submit

  • memory/2100-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2100-6-0x00000000001C0000-0x00000000001EC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2100-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2100-16-0x0000000000310000-0x000000000033C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2100-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2392-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2392-18-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2392-29-0x0000000000190000-0x00000000001AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2392-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2392-20-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2392-30-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download