Overview

overview

7

Static

static

3

0060e73785...70.exe

windows7-x64

7

0060e73785...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    168s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0060e7378565fa546c476088d1dab070.exe

  • Size

    24.2MB

  • MD5

    0060e7378565fa546c476088d1dab070

  • SHA1

    6ffe2934859c783b4530b6a3de9f2bf2ab90649b

  • SHA256

    4e627f0538ae13dae4d8e5da82338be4db321c495829e54bf01802d3a07c8a55

  • SHA512

    c236df4f6e3a8724284e06a0c7e67d36f3264384ae8fbbbf2fc3d8bba43e3ca5a831bd04b86a33a15b82dce645021f78690f9442cae14dc92d8a2a77ad0bcee6

  • SSDEEP

    196608:1B1IIE5SQz4YOQEt962F02KeaJZu8I6JqvJWV0dw:qsQz4YhEt42jK7g8XJjCy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0060e7378565fa546c476088d1dab070.exe
    "C:\Users\Admin\AppData\Local\Temp\0060e7378565fa546c476088d1dab070.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Users\Admin\AppData\Local\Temp\is-LCLG7.tmp\0060e7378565fa546c476088d1dab070.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LCLG7.tmp\0060e7378565fa546c476088d1dab070.tmp" /SL5="$401E6,24380297,132096,C:\Users\Admin\AppData\Local\Temp\0060e7378565fa546c476088d1dab070.exe"
      2⤵
      • Executes dropped EXE
      PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-LCLG7.tmp\0060e7378565fa546c476088d1dab070.tmp
    Filesize

    608KB

    MD5

    6e1f9b783b7eccf4f39527beca8c0dfc

    SHA1

    bd14b7aa15183c3414f959cdb10e805ccfe52b88

    SHA256

    2160bfb87e14c6eb6733b7e400bd43906d45ab0ac68e63cfd4702efc9cb798b0

    SHA512

    dde44a8f1ee91a72fe698012d8e32ff3085724c448a6220c609a41c3ca310d0ee848089f4c71adcfa29e8c93947d0cb0332208394ac48aa89eb949dd1c0a1e6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-LCLG7.tmp\0060e7378565fa546c476088d1dab070.tmp
    Filesize

    448KB

    MD5

    5d41923404fff183027d904c8aa56b6b

    SHA1

    5577ab2144ffa4be0b35afbef0fe099be102dd75

    SHA256

    7adba8d37f30675e0b3400ea109def77cf87e6f06cfc7fd22ccb6280705322e4

    SHA512

    bd3dfdaa9e14dca0e6d6ef57c35022b0b6064b3aca93585243c8a13def782e52deccdf3ea6351d0261d1090149a18e31d75d367cf5bb6d6737277491ed66797b

    Download Submit

  • memory/1540-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1540-3-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1540-9-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/5040-7-0x0000000002110000-0x0000000002111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5040-8-0x0000000000400000-0x00000000004C8000-memory.dmp

    Filesize

    800KB

    Download