Overview

overview

7

Static

static

3

052aed5b04...65.exe

windows7-x64

7

052aed5b04...65.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 22:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    052aed5b047b14e6f258c446869c3965.exe

  • Size

    385KB

  • MD5

    052aed5b047b14e6f258c446869c3965

  • SHA1

    5024463c3d8af4ee23dc3192a2deb14249f49d49

  • SHA256

    3e88aa6bb37a439378cc9979bf924825fe00442137af183f7e6a445fae597cfd

  • SHA512

    c4a2136bff50234b165bd1222020ca1228dde245bc710c90da57c6142631002527d0f3ad1afa9537571c5a6a7a0c03b8dc319d6b8e56ebea6006c05b13e1206a

  • SSDEEP

    12288:nIaRo+IcxLISUVcviJIS/AO7AYCwtriCB:5RoQxUSsMk17RrxiCB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\052aed5b047b14e6f258c446869c3965.exe
    "C:\Users\Admin\AppData\Local\Temp\052aed5b047b14e6f258c446869c3965.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\Users\Admin\AppData\Local\Temp\052aed5b047b14e6f258c446869c3965.exe
      C:\Users\Admin\AppData\Local\Temp\052aed5b047b14e6f258c446869c3965.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2488

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\052aed5b047b14e6f258c446869c3965.exe
          Filesize

          385KB

          MD5

          fd295ce2a2b41d62b0d0ee84e4bf5f41

          SHA1

          527e163e6c28e4ed67f2f2f20e31f68e70742877

          SHA256

          8eaf3e3ec86db9d2e0b286840cdd5223e8551561110f70322cff18c3ccc4eee4

          SHA512

          3f3bfa3923311e40edd375571588431bf837c02e8b3cf405924bbda87d1d1ae8492d15c3f830e167ba8223db93a8135e809ba36b7cd09a8af99022ec3bc06743

          Download Submit

        • memory/824-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/824-1-0x0000000001620000-0x0000000001686000-memory.dmp

          Filesize

          408KB

          Download

        • memory/824-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/824-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2488-20-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2488-26-0x0000000001610000-0x000000000166F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2488-16-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2488-14-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2488-38-0x000000000C660000-0x000000000C69C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2488-37-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2488-32-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2488-39-0x000000000C660000-0x000000000C69C000-memory.dmp

          Filesize

          240KB

          Download