Overview

overview

7

Static

static

1

24b77007cb...cb.exe

windows7-x64

7

24b77007cb...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24b77007cbd42db2854728b029f2f3cb.exe

  • Size

    643KB

  • MD5

    24b77007cbd42db2854728b029f2f3cb

  • SHA1

    cc7aecc58da1bbf5b38119362a8d300ab6880aeb

  • SHA256

    6a4164bcdc021f501562a3b37840dc82625533f60fa5d0dffa839ee12db5b352

  • SHA512

    e5ddc278630825689ee5460349bb05d2fad582ef79d72989a26ad676d05516b53e9933e0617e822a98b5e3f7168103241ed2df918346e2d004eae2c7f0f27aba

  • SSDEEP

    12288:sna9eS+j66Tb7lxOq7FnbR+2hgVwcyL8YGF4O2DnM2xk/O2m:snasShyb771lb9APSGQJxkTm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24b77007cbd42db2854728b029f2f3cb.exe
    "C:\Users\Admin\AppData\Local\Temp\24b77007cbd42db2854728b029f2f3cb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Users\Admin\AppData\Local\Temp\is-TQU69.tmp\24b77007cbd42db2854728b029f2f3cb.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TQU69.tmp\24b77007cbd42db2854728b029f2f3cb.tmp" /SL5="$9014C,378347,54272,C:\Users\Admin\AppData\Local\Temp\24b77007cbd42db2854728b029f2f3cb.exe"
      2⤵
      • Executes dropped EXE
      PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-TQU69.tmp\24b77007cbd42db2854728b029f2f3cb.tmp
    Filesize

    94KB

    MD5

    e58e70a2b4462673edd03413f6d872d0

    SHA1

    9565079d06bd28905610308e61a0e3efdac57e47

    SHA256

    e74ad52bfc3eb7f60c31ae5eb386321da188f7a897a135ec2510aa17f7798b89

    SHA512

    4b92c647d9521970b33fba3f339becca33b5c1f2c0089173bcaf35223aef0398d01c04103a2723ce8605f0aa5cb70f9e00eb68a9b923ca67520e3e2dc007541f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-TQU69.tmp\24b77007cbd42db2854728b029f2f3cb.tmp
    Filesize

    92KB

    MD5

    01b0971fadf8c95a7e4c94cce202802e

    SHA1

    cf0cc3f6eaad0454f8e65ee1cc046a919840194b

    SHA256

    928034965fb1f9eb941c2937e5c49bbab4524e3012452e46e123a53ba5bd0510

    SHA512

    62a1addb501d3c2e5478c37726a07c380c7ca2d0daec08fe9167a0bcf4d0ffdfba78d4610c8b794aa97ea6c70bdb11f2df2c1291e80335769ec2c415ddadfb46

    Download Submit

  • memory/316-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/316-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/316-13-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1224-12-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1224-14-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1224-17-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

    Download