Overview

overview

7

Static

static

3

0275e781d3...cc.exe

windows7-x64

7

0275e781d3...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0275e781d3d8144c303ea47ec86587cc.exe

  • Size

    1.9MB

  • MD5

    0275e781d3d8144c303ea47ec86587cc

  • SHA1

    4c6bcbdf997ce22f56bb39495eff212dc561c194

  • SHA256

    1c19ca564bfcd5264713b8e969e5670e09919522cb2d59f8e90770bdca69c65e

  • SHA512

    6b0df6423b27f4159d381e6b30a6fa55c7c4488d48e3ed8cf0f38338f2bdf383795ec74c30502f194f4eaa73770c344b256c7c26a28d7125babfab91b5737642

  • SSDEEP

    49152:Qoa1taC070d3oJDAVYPf2+obFoHVS+ibeW:Qoa1taC0FHJohoI7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0275e781d3d8144c303ea47ec86587cc.exe
    "C:\Users\Admin\AppData\Local\Temp\0275e781d3d8144c303ea47ec86587cc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\A0C2.tmp
      "C:\Users\Admin\AppData\Local\Temp\A0C2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0275e781d3d8144c303ea47ec86587cc.exe E604713B87871DE8974737920498DF2D7B9EDA4391F56B9F5CDF52841119577CC1CA572838D4DFF08BF640A16AF7F49E2DC6B15BB916A4157147D9349A46F9EF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3028

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\A0C2.tmp
          Filesize

          1.9MB

          MD5

          18a40e4e3ed3917c671386b196ffa353

          SHA1

          8b8af6bff03410636887aba084b5025556f18d0d

          SHA256

          38b37a6afbc8c234f93786911ed3b6058eda80ab678c2dcd3d738e40aa7f0364

          SHA512

          c049fb34415145462870b8a7a84bba63c8a71fe93bf6974b6ad0c657e3f600936227b1f83465cc2360fc9c6116f76f1ade4a53dfa3c9c019225adece4fe00d17

          Download Submit

        • memory/2960-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3028-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download