Overview

overview

7

Static

static

3

58272c72e8...54.exe

windows7-x64

7

58272c72e8...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58272c72e819316b1feb9c24edfffb54.exe

  • Size

    1.9MB

  • MD5

    58272c72e819316b1feb9c24edfffb54

  • SHA1

    7aec3e12c32695c2346ba3d7179db56f74737de9

  • SHA256

    e3870aad1acd133ddfd6dd63089efa2d05cbb40000894660fdb0506b7b652b4c

  • SHA512

    c7db4aa73291c43855481a0291c0f339b75d2ec6b350467517d39f681184ac689957fc7036a7687feef51040220c48e055a553be5d4bbc0e5b66fe6dbb90bfe8

  • SSDEEP

    49152:Qoa1taC070dgg9u4fMatOzydB+fn1tGIFC6ZmHT:Qoa1taC02Rp8zQBgnqYCtT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58272c72e819316b1feb9c24edfffb54.exe
    "C:\Users\Admin\AppData\Local\Temp\58272c72e819316b1feb9c24edfffb54.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\50DE.tmp
      "C:\Users\Admin\AppData\Local\Temp\50DE.tmp" --splashC:\Users\Admin\AppData\Local\Temp\58272c72e819316b1feb9c24edfffb54.exe C4D08972AF25FD66E6CB8E9D2922643774661F00F2E6B2C9EED7D592DA98316B60666956586BFBB31A8C1762B0C0CA4A515DBC3E2DEEE1788B5FA7854161389C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\50DE.tmp
    Filesize

    1.4MB

    MD5

    588bfdbaf17feee7db4a5ba53798a2ab

    SHA1

    99b0f17d79f74fe68e023d36b76c7ccea7df28a8

    SHA256

    db9de5abe78f8bbc56e70b4f3a0fd464293bdfcfe67f42930f3827d18b559692

    SHA512

    42ae04094f32108bba6ff9d1eb66ac548cad6c4f60b0bde380918b7ef512611ee5766c33813b9eb2889817e00421ec9e72479d8d5b4aaa4a5564f7c64fc8d06a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\50DE.tmp
    Filesize

    1.1MB

    MD5

    a9786b94abd4676401636cfa5e673a21

    SHA1

    a6c8d75f4da0ac3271da820026e424579ccfeb3b

    SHA256

    b27b4e932866580d30110c88b0aab5784fc5ec0dc8829fe1065795834acf6118

    SHA512

    686a8ac8263e03b8ee74e4018d4ec82801ea3e8a305dc3b8b3cd87ef99b67738127c15b422092ce7dea5a45915da02a14be702a0c9570370c9f7649429c9c528

    Download Submit

  • memory/2080-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2372-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download