Overview

overview

7

Static

static

3

58272c72e8...54.exe

windows7-x64

7

58272c72e8...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58272c72e819316b1feb9c24edfffb54.exe

  • Size

    1.9MB

  • MD5

    58272c72e819316b1feb9c24edfffb54

  • SHA1

    7aec3e12c32695c2346ba3d7179db56f74737de9

  • SHA256

    e3870aad1acd133ddfd6dd63089efa2d05cbb40000894660fdb0506b7b652b4c

  • SHA512

    c7db4aa73291c43855481a0291c0f339b75d2ec6b350467517d39f681184ac689957fc7036a7687feef51040220c48e055a553be5d4bbc0e5b66fe6dbb90bfe8

  • SSDEEP

    49152:Qoa1taC070dgg9u4fMatOzydB+fn1tGIFC6ZmHT:Qoa1taC02Rp8zQBgnqYCtT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58272c72e819316b1feb9c24edfffb54.exe
    "C:\Users\Admin\AppData\Local\Temp\58272c72e819316b1feb9c24edfffb54.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\Users\Admin\AppData\Local\Temp\50C0.tmp
      "C:\Users\Admin\AppData\Local\Temp\50C0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\58272c72e819316b1feb9c24edfffb54.exe 3842D0F3316D0FE6B2ADD01E470E6D4BE7499442BFB99D04A7E1DD84AD86476B2626E4602AFF5B2C477CFA66F2ABE9947A1E89DE84E93792A3B4542CAA6632A7
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\50C0.tmp
    Filesize

    1.9MB

    MD5

    6b203fb2ff6435489eafa60633276535

    SHA1

    cc2fa467e5eb4f94673666a486fca814b246bb46

    SHA256

    8ebdf2d201e5018513726c2bd025db9565ddb76792408e65c7f6bcaa8637d8c6

    SHA512

    872d0876872f66a3bc06b9ab59070db92de38840510fab191e7b42079bf6717b8440b77ef92220d65ebaf1302e8592931cfabef31d145231d83a0a670b416fda

    Download Submit

  • memory/3276-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4536-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download