Overview

overview

7

Static

static

3

51c8d4fff5...16.exe

windows7-x64

7

51c8d4fff5...16.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    229s
  • max time network
    236s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 03:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    51c8d4fff5fc076e55940419770cc716.exe

  • Size

    385KB

  • MD5

    51c8d4fff5fc076e55940419770cc716

  • SHA1

    781323d6348921654b76ad0ea8900ef4f32bb28d

  • SHA256

    e864d1b355e7e16f10064ead158a72563baf391f7d321c11bf8dc2afa7ac1a20

  • SHA512

    97c130e6408431617ce56c8b843e75889bcd310f6525fe84ab61e7fc4806d19aab67ddfe7f3465f01d1d8514b55756369802cff446698072bcdfbc6943079760

  • SSDEEP

    12288:S5Hi/vKqSV3bS4iYBboU8T9obgGQSTzhUFDeIjKNHryI6iz0/3fSUSt+W+9V3yZV:S5HEK3VLS4iYBboU8T9obhnTzyFDeKAT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51c8d4fff5fc076e55940419770cc716.exe
    "C:\Users\Admin\AppData\Local\Temp\51c8d4fff5fc076e55940419770cc716.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Users\Admin\AppData\Local\Temp\51c8d4fff5fc076e55940419770cc716.exe
      C:\Users\Admin\AppData\Local\Temp\51c8d4fff5fc076e55940419770cc716.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:656

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\51c8d4fff5fc076e55940419770cc716.exe
          Filesize

          385KB

          MD5

          73a5d616c7f3f70ad595c1584a10c394

          SHA1

          ca73d13bfa67259834a14c6f0181e1a9d1ddb9c5

          SHA256

          49d6cf82b9e7a73442673a4b78f137404eb21d21b397c81d87100c577b373746

          SHA512

          33bbda8ed25535cb8086089ee92207427ba785538301eac8f5cecbbdec3873c88a2e8cc52aca210a6efc09d72de74baeb7c2ef59e338e324ab20fb89accea36f

          Download Submit

        • memory/656-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/656-16-0x00000000015D0000-0x0000000001636000-memory.dmp

          Filesize

          408KB

          Download

        • memory/656-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/656-20-0x0000000004EA0000-0x0000000004EFF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/656-30-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/656-36-0x000000000B600000-0x000000000B63C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/656-35-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2552-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2552-1-0x0000000001620000-0x0000000001686000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2552-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2552-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download