Overview

overview

7

Static

static

3

79386ca38a...54.exe

windows7-x64

7

79386ca38a...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    173s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79386ca38ac71e66670f0c4198d3e954.exe

  • Size

    169KB

  • MD5

    79386ca38ac71e66670f0c4198d3e954

  • SHA1

    0052403ccf870d23bbee349ac537d646cdd83ea1

  • SHA256

    4ebd5830e848c4824dc5d632446a1fada7924ce12cf87d5ff09908ea2531172c

  • SHA512

    a06b74451f78b0015a7a533ebc81d8f01e391d3b1686a25d8febbfb77d9aff8403667b1f47ee52dbf425d8abe97b63839a7c9e8f6b0dba43f1bc8082487b52dd

  • SSDEEP

    3072:Tl2hMeZEtrmhRrZBfRnrvfx6nSgVpWd+F2M46X6t1e75bCyZ94hi1ffHef0ZgUKX:Tkh4mh9ZBZnc7Vw+F2gX975jUEeseUTe

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79386ca38ac71e66670f0c4198d3e954.exe
    "C:\Users\Admin\AppData\Local\Temp\79386ca38ac71e66670f0c4198d3e954.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Users\Admin\AppData\Local\Temp\79386ca38ac71e66670f0c4198d3e954.exe
      C:\Users\Admin\AppData\Local\Temp\79386ca38ac71e66670f0c4198d3e954.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\79386ca38ac71e66670f0c4198d3e954.exe
    Filesize

    169KB

    MD5

    23adeac014c816108cb935214b1874e8

    SHA1

    610bb7f3f69a90e4d51152d08fb30a6071b5e369

    SHA256

    16c92302e5748ea659d0bcc8baf346eaeca6d7fac4c7223495e719c4cfe7f01d

    SHA512

    90422f952b7339296e214cad946b77a215b6eaa00c407800ea83b72d67996785b5bc3e7c24710ac45cf49c68508fbd7e3f566451996dcb371e3f4a702b08a7cb

    Download Submit

  • memory/3968-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3968-14-0x0000000001500000-0x000000000152F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3968-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3968-25-0x00000000015E0000-0x00000000015FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4452-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4452-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4452-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4452-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download