Overview

overview

7

Static

static

3

fcb5164245...c6.exe

windows7-x64

7

fcb5164245...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2023 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcb5164245b5e78d5566bde2ab2506c6.exe

  • Size

    1.1MB

  • MD5

    fcb5164245b5e78d5566bde2ab2506c6

  • SHA1

    759cec277132b66a8ee069b4b388f38b8c5c3d20

  • SHA256

    491bcf9fa93f577f6635a71d1170fcd5c6962c6cb8ce92e3f541909978639df5

  • SHA512

    1de8f2c5b194aa6e1fc10e344fd20f946a20dd2506d57cf7a74e986e22a6286964bdd1adc9fe5a42404bd9d6879f9f8ce86f62b66acbf51c1d9f28861561a56c

  • SSDEEP

    24576:qKeyxTAJnMHn36sQ7H/yQQuYmlswByeiGZAw1m:qKeyRAJe3LqaCY4LyeLZbm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcb5164245b5e78d5566bde2ab2506c6.exe
    "C:\Users\Admin\AppData\Local\Temp\fcb5164245b5e78d5566bde2ab2506c6.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:384
    • C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe
      "C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe"
      2⤵
      • Executes dropped EXE
      PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\xpkc\ltsjfmqfsy.exe
    Filesize

    1.1MB

    MD5

    ede8149cf0b08b81189c6993f94361b4

    SHA1

    02c702d4764ef03c1b812cd39a7e011570088252

    SHA256

    3ce2744b02e5d5dc2c171d59908733466c2d8a442faddd2fe200caa8976e17ff

    SHA512

    9c56914cc4fe64c1439fd10d8c1100d2f23ddee516c8f02b501181990aa864c6427cea3e1754a93feb38b5b5608c96e31b1372c340a6b61378298cebdcec0f9a

    Download Submit

  • memory/384-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/384-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/384-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1800-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1800-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download