Overview

overview

7

Static

static

3

560240058d...8d.exe

windows7-x64

7

560240058d...8d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    560240058dbd9995d15c86d41e34a98d.exe

  • Size

    82KB

  • MD5

    560240058dbd9995d15c86d41e34a98d

  • SHA1

    d820016a7ec5e289f3691413da71a3c0f3ab18c6

  • SHA256

    d3a96cd34a9cc7f362cd5b92e0e36478ed9ffbf0f6b0e1cdd745f2bc111e9e23

  • SHA512

    9878686ec748bb34fb467900c7237dfd21a63a784e970a784497a84a74f93fead0fc9fdbd983714c741d9cdf449ef6c273835bff9e5c4d3edb2603c4095c6309

  • SSDEEP

    1536:LsbUmqM+W6e7oHKhv2igVJCnwAkyw/erwwQ1T8xB6ZiNoD:LsgmqMUecHhiBwnlerwwQ1TNZiNoD

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\560240058dbd9995d15c86d41e34a98d.exe
    "C:\Users\Admin\AppData\Local\Temp\560240058dbd9995d15c86d41e34a98d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Users\Admin\AppData\Local\Temp\560240058dbd9995d15c86d41e34a98d.exe
      C:\Users\Admin\AppData\Local\Temp\560240058dbd9995d15c86d41e34a98d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\560240058dbd9995d15c86d41e34a98d.exe
    Filesize

    82KB

    MD5

    e024b2821af7f75d9a2c3be2929e16f0

    SHA1

    a7d2db396438deba6415b3f2f729615c72a336f8

    SHA256

    ca3a669b6544c02baed9d9b0d68f8f85eec80f4b050bc679d91f8995cc1df94b

    SHA512

    a2490fc207dfb3304be9925eabc6c9984de91fd82d34a2cf3eda1469f6e64e935d7f7b58d6fe47c2a3ac6c4668be6af58bea02ee9517fb7ae134ca45dbb6b81a

    Download Submit

  • memory/2484-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2484-1-0x0000000001550000-0x000000000157F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2484-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2484-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3800-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3800-14-0x00000000000E0000-0x000000000010F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3800-25-0x0000000004DB0000-0x0000000004DCB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3800-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download