Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 15:56

General

  • Target

    2b164e7165afddebc3a795016cef07f1.exe

  • Size

    1.5MB

  • MD5

    2b164e7165afddebc3a795016cef07f1

  • SHA1

    2b450a69aaf208fb2471998bfc85000407d11e2d

  • SHA256

    a0e96247a16699f65bae32b9c5ed7bed1efae83f391988cd31a794ccb575c706

  • SHA512

    d294a5e9460619a6997e1dcfc98e5abfd0941c4bb1e56e781d1b06b4e083ffded365829c31604bdc2620f67b6cb2cd77db0632ec5255512be2689d2f053d8938

  • SSDEEP

    49152:lrq0R07QQmgtdejDiuTuSrhBBtyGOJofSZ:hq0+7P3eH/rKGO2W

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe
    "C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Local\Temp\81C.tmp
      "C:\Users\Admin\AppData\Local\Temp\81C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe 83FE188FD2AE5FFF0628A8326BA35033A633A27BEFE22AD9978840670792F7B5E1306AAE7CB25D11F1E333B9A5256105D4220A6AC449B6B14429BE9C60697DAF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2752
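
The tree above shows a recognisable parent/child relationship: a *.tmp dropped into the user's Temp directory is launched by the original executable (itself running from Temp) and is handed the original's full path on its command line, after which the sandbox flags "Executes dropped EXE" and "Deletes itself" on the child. The following Python is an added example, not part of the sandbox report: it scans process-creation events for exactly that relationship. The two malicious events (PIDs 3024 and 2752, their images and command lines) are copied from the tree above; the explorer.exe parent and the benign installer helper are constructed, and TEMP_DIR is assumed to be the sandbox profile's Temp directory.

```python
import ntpath
import re
from dataclasses import dataclass

# Assumption: the sandbox user's Temp directory as shown in the report.
# On a live host derive this from %TEMP% / the user's profile instead.
TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
HEX_TOKEN = re.compile(r"[0-9A-Fa-f]{32,}")


@dataclass
class ProcEvent:
    """Minimal process-creation record (constructed shape; map your telemetry onto it)."""
    pid: int
    ppid: int
    image: str     # full path of the executable image
    cmdline: str   # command line as launched


def in_temp(path: str) -> bool:
    """True when the image sits directly in TEMP_DIR (case-insensitive)."""
    return ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(TEMP_DIR)


def find_drop_relaunch(events):
    """Return one hit per child process that
    (a) runs a *.tmp image out of the Temp directory,
    (b) was spawned by a parent whose image is also in Temp, and
    (c) was handed its parent's image path on its command line.
    That is the relationship between PID 3024 and PID 2752 in the report."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if not (in_temp(child.image) and child.image.lower().endswith(".tmp")):
            continue
        if not in_temp(parent.image):
            continue
        if ntpath.normcase(parent.image) not in ntpath.normcase(child.cmdline):
            continue
        # Keep a trailing opaque hex argument if present (the report shows a long one).
        args = child.cmdline.split()
        token = args[-1] if args and HEX_TOKEN.fullmatch(args[-1]) else None
        hits.append({
            "parent_pid": parent.pid,
            "child_pid": child.pid,
            "original": parent.image,
            "dropped": child.image,
            "token": token,
        })
    return hits


# Sample events. PIDs 3024 and 2752 and their command lines come from the
# process tree above; the explorer.exe parent and the installer helper are constructed.
ORIG = TEMP_DIR + r"\2b164e7165afddebc3a795016cef07f1.exe"
DROP = TEMP_DIR + r"\81C.tmp"
TOKEN = ("83FE188FD2AE5FFF0628A8326BA35033A633A27BEFE22AD9978840670792F7B5"
         "E1306AAE7CB25D11F1E333B9A5256105D4220A6AC449B6B14429BE9C60697DAF")
EVENTS = [
    ProcEvent(1234, 1, r"C:\Windows\explorer.exe", "explorer.exe"),        # constructed
    ProcEvent(3024, 1234, ORIG, f'"{ORIG}"'),                                # from the report
    ProcEvent(2752, 3024, DROP, f'"{DROP}" --ping{ORIG} {TOKEN}'),           # from the report
    ProcEvent(4100, 1234, TEMP_DIR + r"\setup_helper.tmp",
              '"' + TEMP_DIR + r'\setup_helper.tmp" /quiet'),               # constructed, benign
]

if __name__ == "__main__":
    for hit in find_drop_relaunch(EVENTS):
        print(hit)
```

The benign helper is not flagged because its parent (explorer.exe) does not run from Temp and its command line does not carry the parent's path; requiring all three conditions keeps ordinary installers, which routinely extract *.tmp helpers, out of the results.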

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\81C.tmp

    Filesize

    1.5MB

    MD5

    4fa7900e3cc1874b3823f364ea79c2ea

    SHA1

    65fb35189278f09b95e3ae3b44c865a9f2e3d808

    SHA256

    3b72c24550aef844ea73258ae28fa07e5aee7d4bfb142a8f33498106a25f362b

    SHA512

    433a37a9a18051324f60d55f35918d4d59022128150e270824ae5a0efe79d58ed0bb4e59f0dfa10e72fe68717305e8c91246b0837a128d13cc67c7691b31876e

  • memory/2752-8-0x0000000001090000-0x000000000125E000-memory.dmp

    Filesize

    1.8MB

  • memory/2752-10-0x00000000000F0000-0x000000000016A000-memory.dmp

    Filesize

    488KB

  • memory/3024-1-0x0000000000170000-0x00000000001EA000-memory.dmp

    Filesize

    488KB

  • memory/3024-0-0x0000000000E10000-0x0000000000FDE000-memory.dmp

    Filesize

    1.8MB
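
The four dump names above encode the PID, a dump index and the start and end virtual addresses of each region; the sizes the report prints follow from those addresses. The following Python is an added example, not part of the report: it parses those names, reproduces the 1.8MB and 488KB figures, and checks whether the two processes map regions of identical size, which is a quick way to decide which dumps to diff against each other when pulling them from the sandbox. The dump names are copied from the list above; the size-rendering rule (decimal MB to one digit, whole KB) is assumed to match the report's.

```python
import re
from collections import defaultdict

# Triage-style dump name: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# The four dump names listed above, copied from the report.
DUMPS = [
    "memory/2752-8-0x0000000001090000-0x000000000125E000-memory.dmp",
    "memory/2752-10-0x00000000000F0000-0x000000000016A000-memory.dmp",
    "memory/3024-1-0x0000000000170000-0x00000000001EA000-memory.dmp",
    "memory/3024-0-0x0000000000E10000-0x0000000000FDE000-memory.dmp",
]


def parse_dump(name: str) -> dict:
    """Split a dump name into pid, index and the [start, end) virtual range."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range: {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human(n: int) -> str:
    """Render a byte count the way the report does (1.8MB, 488KB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def sizes_by_pid(names):
    """Sorted region sizes per PID, so the layouts of two processes can be compared."""
    out = defaultdict(list)
    for name in names:
        d = parse_dump(name)
        out[d["pid"]].append(d["size"])
    return {pid: sorted(sizes) for pid, sizes in out.items()}


def same_layout(names) -> bool:
    """True when every PID in the set carries the same multiset of region sizes."""
    layouts = list(sizes_by_pid(names).values())
    return all(layout == layouts[0] for layout in layouts)


if __name__ == "__main__":
    for name in DUMPS:
        d = parse_dump(name)
        print(d["pid"], hex(d["start"]), hex(d["end"]), human(d["size"]))
    print("same layout in both processes:", same_layout(DUMPS))
```

For this report the parent (3024) and the dropped child (2752) each carry one 0x1CE000-byte region and one 0x7A000-byte region at different base addresses, so the two dumps of each size are the natural pair to compare.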