Overview

overview

7

Static

static

3

234c492623...b7.exe

windows7-x64

7

234c492623...b7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 13:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    234c49262325a15fc2aec09cc14f64b7.exe

  • Size

    162KB

  • MD5

    234c49262325a15fc2aec09cc14f64b7

  • SHA1

    9af628563e166f04d48b1ebaefe8e79f0754f7b5

  • SHA256

    27f1ef19d85b4744b72d5d6f8bc0343646af12609ef971e8b24ebc8bba57ee92

  • SHA512

    22f60f7a27fe3d548e4e996f1dc8aacf7f65ab86adeb42d1784542c45bf23f215e711c5fc532ed7014d9d65c9f4fb01d53eedce7a371bb3f161123c96d47bebf

  • SSDEEP

    3072:kFl4CYMJBbFJDnAg2QD8ntqYbYbFyiOEJAUUXvNK+T/b8bITU02MJ2:k3YMJBbvAg7D6onByij4vNKGD8UU0RJ2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\234c49262325a15fc2aec09cc14f64b7.exe
    "C:\Users\Admin\AppData\Local\Temp\234c49262325a15fc2aec09cc14f64b7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\234c49262325a15fc2aec09cc14f64b7.exe
      C:\Users\Admin\AppData\Local\Temp\234c49262325a15fc2aec09cc14f64b7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\234c49262325a15fc2aec09cc14f64b7.exe
    Filesize

    162KB

    MD5

    7a0cdb66a0d2c84e4862873ad4a5cbb2

    SHA1

    9a1685f78836391e19ce225668f8ef0b9e042b4e

    SHA256

    6a4d8659f29bc7344fa05ed407d4d0225328c44c6cf5d2cf2c0f10c2da5daec0

    SHA512

    5bc28794cedaf649a4f80dd56305e18be27a3f7acd1dc212168cac3e33d1d976d827a38494c14d2be46b42638d2888d4dc40bd996c4bfde174d412ffdba8f351

    Download Submit

  • memory/1204-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1204-19-0x0000000000140000-0x000000000016E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1204-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1204-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2688-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2688-2-0x0000000000140000-0x000000000016E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2688-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2688-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download