Overview

overview

7

Static

static

3

052ea9b142...1c.exe

windows7-x64

7

052ea9b142...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    052ea9b1423f34a87d4fe9ed863ef91c.exe

  • Size

    1.9MB

  • MD5

    052ea9b1423f34a87d4fe9ed863ef91c

  • SHA1

    db35b4046f486a7c9471330b9111f7f6499a2c07

  • SHA256

    6e2605bbdd558d13d7fd769c06c51ebe01e158bb04d11912c5dd264c73d66c05

  • SHA512

    d25ba96d989adf4b3262667c993b448826f1a83675669d3b762e71682a6aa8f7c3fc2c4f86d8f4d1b4b1a0866a855d4f103320970894d4a895e5c8e7eff79065

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dSiXfhetMy1ll65dQjOdke6tLkyma+JhVhlcl:Qoa1taC070djv4tMm9jjJhhFovYb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\052ea9b1423f34a87d4fe9ed863ef91c.exe
    "C:\Users\Admin\AppData\Local\Temp\052ea9b1423f34a87d4fe9ed863ef91c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\17E4.tmp
      "C:\Users\Admin\AppData\Local\Temp\17E4.tmp" --splashC:\Users\Admin\AppData\Local\Temp\052ea9b1423f34a87d4fe9ed863ef91c.exe 81614558EE1DCA9C6D8670C0E3E807ADBE8B70CC8571D6853EEFA90176568B2814E6C9C19C299C3EB0F8A58AA7368B49E8050C2CB5F22DE1383EA22ECE8B4DBE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\17E4.tmp
    Filesize

    388KB

    MD5

    a459fc24db1a8e6af3fc775f2b100b33

    SHA1

    3acbe7e7c777fdcc5d51ade0afa5867284eeb8dd

    SHA256

    70c34e1dba2d9fc52f095872252151547690190114fa996c620a6cfe726a6a60

    SHA512

    acb65d51d7c6f30532c786b2632f879dfeb5faaf365144eeaca581951f6c774bbba9403b6e2229b0faa4221689d6dcab5c0e1cc1c7edbb54b7f393487bbbde18

    Download Submit

  • \Users\Admin\AppData\Local\Temp\17E4.tmp
    Filesize

    1.2MB

    MD5

    f50432dbfaf22a67099bb203e08c5c1c

    SHA1

    ff3f3002efa6df0fcda2dd8a3c61908d6ac5eaac

    SHA256

    31025333b15ca0f9d5c6a3e8ba075c4c9f293c8fba89406b021235b21eb67aa2

    SHA512

    9784b68fa4a44d7caab40d926a16fc9bd2510d94e9c396ef6c9befc4a0d7f5f7eb12ce0cb903412e6c333b8c098ea6a5bc9493ac44d8ebeba0f1352f165c8dcb

    Download Submit

  • memory/2228-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2384-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download