Overview

overview

7

Static

static

3

28503e574e...ed.exe

windows7-x64

7

28503e574e...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28503e574ef1a298de29ded884c319ed.exe

  • Size

    84KB

  • MD5

    28503e574ef1a298de29ded884c319ed

  • SHA1

    3f383fa49ac6ebee8200d14c901de36e3960ded4

  • SHA256

    d47424fbeeb8e6742748e9091a13074f3be8e693bf0c8eef329fa45f937c8a28

  • SHA512

    054bebb04f09e30297132b4f436c94d764867c4b0d58470747a7f0351e2bec7530b166e0ed5e0723d04dc4dcd0a94358e04d2540c2dde1ec646fb90dde73aeea

  • SSDEEP

    1536:Q6UW2fbhn4pq8aKRCMo4Rz9f+7SIDFmrLo7vKJKa7wh/iCXuhc38z:QBV4E8XcT4Rz9GFlvK4RVhehc3g

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28503e574ef1a298de29ded884c319ed.exe
    "C:\Users\Admin\AppData\Local\Temp\28503e574ef1a298de29ded884c319ed.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:516
    • C:\Users\Admin\AppData\Local\Temp\28503e574ef1a298de29ded884c319ed.exe
      C:\Users\Admin\AppData\Local\Temp\28503e574ef1a298de29ded884c319ed.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\28503e574ef1a298de29ded884c319ed.exe
    Filesize

    84KB

    MD5

    b8a01352b073ef415240f97626e20762

    SHA1

    f1f81a9c9896116600ba0347ac57256e199af49f

    SHA256

    bae18b7cfa9e0216270144c539a3654c4bdc798ace492ae2fbad4c167e41b06f

    SHA512

    731554f7769ded9c22ba0b44decbf3b49d5ef4cfc411a0814e695741b8a745892a2ab628ed8b169a9bb5c05745be0c4fefd470320fd72e184631443fd5ef1761

    Download Submit

  • memory/516-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/516-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/516-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/516-1-0x00000000000F0000-0x000000000011F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4340-22-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4340-20-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4340-19-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4340-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download