Overview

overview

7

Static

static

3

01eb594156...35.exe

windows7-x64

7

01eb594156...35.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2023 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01eb594156f5cae6d8c18b1fae50b535.exe

  • Size

    385KB

  • MD5

    01eb594156f5cae6d8c18b1fae50b535

  • SHA1

    554d28246f78beb3539cb1c05a2749af60f9ccff

  • SHA256

    27a18aaed1da140d92b315747de17a47dbe0fc8b874674ac93061b5a3a62162b

  • SHA512

    635909839cfb61dc31c6cac4edfa4919599880c0f603c9fa98896815f6a8bef5c12137c390bd0c0560fa9e7e6dc8499ed719029ee6305819a9802b93d6359f5e

  • SSDEEP

    12288:/HI2gLaBXftpMQqps/DPWu4RyBo6YAUJNLKYQndB://geBPtpMGdGpbSdB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01eb594156f5cae6d8c18b1fae50b535.exe
    "C:\Users\Admin\AppData\Local\Temp\01eb594156f5cae6d8c18b1fae50b535.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\Temp\01eb594156f5cae6d8c18b1fae50b535.exe
      C:\Users\Admin\AppData\Local\Temp\01eb594156f5cae6d8c18b1fae50b535.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\01eb594156f5cae6d8c18b1fae50b535.exe
    Filesize

    163KB

    MD5

    88dca699f02d9ee6551f25f73f9b3aaa

    SHA1

    684035aa7e079c0bee870d7d7affa3fc18228f19

    SHA256

    20b236cab80e4f7998770159d669a65f44498c2fb4cc3947f8fbaad1cbc8a857

    SHA512

    e0b6148eb1e4316dd61ef98f0248d762b8bd5ae7fbbe710d0b8965a58378b37639d70aace995b1a6dd2351250e5b04309d5bda955b914ec29770a645c9f41074

    Download Submit

  • memory/4024-38-0x000000000C620000-0x000000000C65C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4024-16-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4024-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4024-20-0x00000000015F0000-0x000000000164F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4024-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4024-37-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4024-32-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4024-39-0x000000000C620000-0x000000000C65C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4616-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4616-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4616-1-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4616-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download