Overview

overview

7

Static

static

3

379ecdbc37...a2.exe

windows7-x64

1

379ecdbc37...a2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 19:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    379ecdbc37555c719cbec501cd2e29a2.exe

  • Size

    82KB

  • MD5

    379ecdbc37555c719cbec501cd2e29a2

  • SHA1

    b7bb203a962d8211b42bc2937547919c224d39c6

  • SHA256

    9f911fb8e67b3bfb342c9c562deecf528faf814f424db6670ec3182b4bea9355

  • SHA512

    be7ad8886f2eabe689d2cc8182c9ea960b62ff05d15633901ae5a1b7715456cb5872f3a06c7ebe444f84adf249ebc4dd56aa299460b4f5d95e1371c5f1206f0d

  • SSDEEP

    1536:fFZjn2D056AvupeDCS3YxpOX32lQQMhp5C74yfeXRHV93:XJFvQeDCSoS/QMj5bXRHV93

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\379ecdbc37555c719cbec501cd2e29a2.exe
    "C:\Users\Admin\AppData\Local\Temp\379ecdbc37555c719cbec501cd2e29a2.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Users\Admin\AppData\Local\Temp\379ecdbc37555c719cbec501cd2e29a2.exe
      C:\Users\Admin\AppData\Local\Temp\379ecdbc37555c719cbec501cd2e29a2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:532

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/532-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/532-19-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/532-22-0x00000000000E0000-0x000000000010F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/532-23-0x0000000001500000-0x000000000151B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1452-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1452-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1452-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1452-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download