Overview

overview

7

Static

static

3

6a67a3de2d...56.exe

windows7-x64

7

6a67a3de2d...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a67a3de2d92609840ebfe0ce6c60056.exe

  • Size

    186KB

  • MD5

    6a67a3de2d92609840ebfe0ce6c60056

  • SHA1

    050cf73429baf916a6e6d1f54e59e0aad47c1db6

  • SHA256

    f8bf7cc51302750af2bbad1e26dbcd5dc72861569fc5fd2f266d486b8cb05188

  • SHA512

    ac1599c35499fdc7aeee325cb372fa7675dfe5e1575baab99cb50872be5b8cb50f0c3a8ac56f0cda2e5bc04389de9cf7ba6ecffdca5e36caff1f408798ea2259

  • SSDEEP

    3072:UemgC3vaCO5dJlVbEDRyORp1Can7YA2gHVQbg+aGPNgJBpQmDd9hq4XLE:HmfabTWRyORpY07SgWgFONwBumDd9b

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
    "C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
      C:\Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\6a67a3de2d92609840ebfe0ce6c60056.exe
    Filesize

    186KB

    MD5

    f5ecbaf5e5d3477f0da0df063197cdb0

    SHA1

    cc3c79770cb9bf052bf6747099e6bb91e7660803

    SHA256

    894eec84c4c73a6ae76a327071681455acc0e3312682fd20d460f760c4f4b050

    SHA512

    be95281928802343193fd7f6bcdf861d6dd693443f59107a79bc9c1a839e31cc939c9cadefc83b54483492b76463c04971a3f3666cdc5900f49c4f3c643a68bd

    Download Submit

  • memory/1708-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1708-9-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2232-16-0x00000000001C0000-0x00000000001F6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2232-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2232-10-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download