Overview

overview

7

Static

static

3

027b2cac08...e8.exe

windows7-x64

7

027b2cac08...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    027b2cac08666215874dbab0b1da4ce8.exe

  • Size

    1.9MB

  • MD5

    027b2cac08666215874dbab0b1da4ce8

  • SHA1

    eb06f406264ead35639c34e9d61f42969c836ae9

  • SHA256

    6041a8043498d2642fbeee3b45c2e217c0524cd47b192df058af8e6190ba17ba

  • SHA512

    08ba6a5fafeab80a17c268978949d2f84371ee9cd4599f2b8f683caa9f33f7c4e7893d51f4765725e6a89f802cf2a14db03161a2541873ed03c8a78b7ba42da6

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dTAE5tAcrHR3FUhyYQAJqz5OFtsAY/uuky5+3:Qoa1taC070dP1H9FUhFTdts57w3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\027b2cac08666215874dbab0b1da4ce8.exe
    "C:\Users\Admin\AppData\Local\Temp\027b2cac08666215874dbab0b1da4ce8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Users\Admin\AppData\Local\Temp\A2B5.tmp
      "C:\Users\Admin\AppData\Local\Temp\A2B5.tmp" --splashC:\Users\Admin\AppData\Local\Temp\027b2cac08666215874dbab0b1da4ce8.exe 1CE3618B95BD3809307109B3F4AA89FAAA80CFC05EC4D691D0C6369374D71694F7C512486875D15AE70883AB78D88D0773EC9B8DFAA72D587DA106636BE83842
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A2B5.tmp
    Filesize

    647KB

    MD5

    00acbfeba528b1f7e0448142ddf2ea78

    SHA1

    0a42ebc2055640b7a9ab8ccf18bf524c8879463f

    SHA256

    88f5327721b241ace5b841fb13bc52af0b74558ed25a6e45f78d80bc79f3e0aa

    SHA512

    bd8bad2d03db875aee343a62f8e5c1342d3abd0c8425987bd331377b2195739c6402dab4eee3133f6b2dda20102b3faa9e299f4e6d418dc4ddcec5b2e05dd14d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A2B5.tmp
    Filesize

    866KB

    MD5

    b37c37f346a80edd437a56fca1f0cb1c

    SHA1

    a66c598a3b2c4734ced30a408ca2ad8ba00beb06

    SHA256

    39d9307fb0b0a1420c359c29a6a2c6e9e4d4468642110ca5393dd31e7d617cc7

    SHA512

    50e89a5af67b28a833bc0023ec2d4daeb3d9ead13c2832398e03ff71942f54dfd00625f15c36b72299f17dd3639eaf25efc3db1bbb25a778ebc3cc3447628059

    Download Submit

  • memory/2036-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2424-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download