Overview

overview

7

Static

static

3

01399cc44b...7d.exe

windows7-x64

7

01399cc44b...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 19:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    01399cc44b3ae911d9bfa978c2c56f7d.exe

  • Size

    771KB

  • MD5

    01399cc44b3ae911d9bfa978c2c56f7d

  • SHA1

    a53c6901799079acba8dd96eeabf805295f37440

  • SHA256

    071bed7d97bf9f8653636641d3807533613b4ea9255b85bd17d902d6f4038bec

  • SHA512

    7987ab632c3fa36912f6a6dd541d3edb3aeee1257b2fa712e58316dbe71f8ad02379221c2ef456249d2fc309f10f7deaa097a216e4c971e97513755f558bd0bb

  • SSDEEP

    24576:vPnBkdTnPJMh7SHfb/qb10hJaothZ2/T6FBBB:XnBoTnPG1+M/ofT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01399cc44b3ae911d9bfa978c2c56f7d.exe
    "C:\Users\Admin\AppData\Local\Temp\01399cc44b3ae911d9bfa978c2c56f7d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1568
    • C:\Users\Admin\AppData\Local\Temp\01399cc44b3ae911d9bfa978c2c56f7d.exe
      C:\Users\Admin\AppData\Local\Temp\01399cc44b3ae911d9bfa978c2c56f7d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4864

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\01399cc44b3ae911d9bfa978c2c56f7d.exe
          Filesize

          381KB

          MD5

          85094fa7d16b03037626548ff39f6fc1

          SHA1

          5a2e32b654fe4f51fc7ddc104b6695cc7bdf95ab

          SHA256

          f9eade2a245392ff91f5b5a82448fc9af909da96a9ced9e971110ddbecfc9717

          SHA512

          5b33fe093acb447fcba7085e9a256d750fe3ad334fb7f3b6dc0543667b8a1b398be26a7d6641e6057a67b6822b0b58069e9fe4de7be8b26978124612af1eed37

          Download Submit

        • memory/1568-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1568-1-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1568-12-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1568-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4864-17-0x0000000000170000-0x00000000001D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4864-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4864-20-0x0000000004ED0000-0x0000000004F2F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4864-14-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4864-33-0x000000000C620000-0x000000000C65C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4864-38-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4864-32-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download