Overview

overview

7

Static

static

3

1ad764f845...cc.exe

windows7-x64

7

1ad764f845...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ad764f84519935bf52aefdc081b47cc.exe

  • Size

    57KB

  • MD5

    1ad764f84519935bf52aefdc081b47cc

  • SHA1

    0d8a24f7d114cb80a0413ddbd4d87a619e36ba1c

  • SHA256

    78c4daf15dd77fe734f18737d9cbe0e99a4809a11dbc882bf608bb86a0408a3a

  • SHA512

    1a099a330f8a318f9306cd9b588f02d5f1ab1d4e2f752a697aa384910f8b117fd04629d084173325c32ea3e4e5983e56e60e16b89c5c74f76849c002b3100b6d

  • SSDEEP

    768:41V9Qs9bXN8Nr+9d1s3inDFl453C6yzh4MSb+o70jBlM/QEzOlu5Fl90SOj:4hVzWQuiDF+lC6yHSqKKB5VuV9Gj

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ad764f84519935bf52aefdc081b47cc.exe
    "C:\Users\Admin\AppData\Local\Temp\1ad764f84519935bf52aefdc081b47cc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\1ad764f84519935bf52aefdc081b47cc.exe
      C:\Users\Admin\AppData\Local\Temp\1ad764f84519935bf52aefdc081b47cc.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1ad764f84519935bf52aefdc081b47cc.exe
    Filesize

    57KB

    MD5

    db0493611904a603d9685051819a1c9a

    SHA1

    2c3ac3da57df3b7b8cb898c179f2f4c5ca570170

    SHA256

    8c55c928c0ce8f33eb90af664d99919a0826249c1728cf58c71472a4833c46fe

    SHA512

    084f8d8e301b9d99247e9891a71c8a246837602ef41af5522f91ba7670800edef7434c81ca50f67edf534f03b2c1a4b833105b42ddb5e810e6f6583602b7b55b

    Download Submit

  • memory/2872-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2872-2-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2872-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2872-16-0x00000000001B0000-0x00000000001DC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2872-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3060-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3060-18-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3060-29-0x0000000000190000-0x00000000001AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3060-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3060-20-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3060-30-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download