Overview

overview

7

Static

static

3

65cf4d9b89...e2.exe

windows7-x64

7

65cf4d9b89...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65cf4d9b8942262c739ac51a15afd5e2.exe

  • Size

    907KB

  • MD5

    65cf4d9b8942262c739ac51a15afd5e2

  • SHA1

    f6a42e9c42f66de210cd1c05d29da76d7d88ce5f

  • SHA256

    2b081e543491e3dacd3ee3b823ab485a6ee7d0b5ea1f272a1755ca7b104ec4ad

  • SHA512

    c0b7f47c9140a99189e7b94ac221fb4ed996cf9aa62b4a13c2323905a12288c65b1e5448de3e8405ccbe4ad445bad6168d55e5723230e8f4b7da97553e63710a

  • SSDEEP

    12288:QPs8l6E8n913mJMpeQrpz9eGNaK7W4xsOjpNIr3Q1xyIkjVDa/ZS1:QE8kKMp3p5eWWjOjbQQoa/ZS1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65cf4d9b8942262c739ac51a15afd5e2.exe
    "C:\Users\Admin\AppData\Local\Temp\65cf4d9b8942262c739ac51a15afd5e2.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Users\Admin\AppData\Local\Temp\65cf4d9b8942262c739ac51a15afd5e2.exe
      C:\Users\Admin\AppData\Local\Temp\65cf4d9b8942262c739ac51a15afd5e2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\65cf4d9b8942262c739ac51a15afd5e2.exe
    Filesize

    907KB

    MD5

    5ed58a163177641cbc1a87f69c6dfbbe

    SHA1

    767cc8439a68e1b0427fe3286601f31909835358

    SHA256

    ac445d4988d32482bd3a5d77a31b367f2c39be18708feb37f354b261afc9ea07

    SHA512

    009d3e694bc823719481ba67495e05d8d4342680a2c5868739bdb4549698883f09d7fae19e641bf2c5df0dcbd127066cc66d3733e005a804cc666ef9a3ab4b96

    Download Submit

  • memory/1120-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1120-15-0x0000000001760000-0x0000000001848000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1120-20-0x0000000005190000-0x000000000524B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/1120-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1120-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1120-36-0x000000000B800000-0x000000000B898000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1304-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1304-1-0x0000000001760000-0x0000000001848000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1304-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/1304-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download