Overview

overview

7

Static

static

3

0422a4362b...fe.exe

windows7-x64

7

0422a4362b...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0422a4362b4822b0f5cd74380f78e0fe.exe

  • Size

    1.9MB

  • MD5

    0422a4362b4822b0f5cd74380f78e0fe

  • SHA1

    a3389584246ba168a0522b72f3e9826cdb06aa5b

  • SHA256

    e97d1cf98b3312fe6385f14c4988a6a3b44913cb716d7539784691c008da6c1a

  • SHA512

    d1ed512332cfc30d836b6e39a5b7ee2063d67ab85bfb265a14e9bb8f9e8af291459b169245b3bd88f6d422c81308aac8c1d5ffd12bf6bc20cf3a1b0a6e58f561

  • SSDEEP

    49152:Qoa1taC070d2kcIsxK/WJbOUoF+4g2ekqErdy4LnX0:Qoa1taC0MR/nUEKkqKQ4LX0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0422a4362b4822b0f5cd74380f78e0fe.exe
    "C:\Users\Admin\AppData\Local\Temp\0422a4362b4822b0f5cd74380f78e0fe.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\1861.tmp
      "C:\Users\Admin\AppData\Local\Temp\1861.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0422a4362b4822b0f5cd74380f78e0fe.exe 704D54EBC2C1692672DD538457AAF148934A942AAD20A22575299E85FDA4FD582DDE401B35CB18BFDDAA1D99B783CB07BA8F2D6C85661DFB8ED08FED83C453A4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3000

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1861.tmp
          Filesize

          861KB

          MD5

          1013034bc9bbaa53c9b36d03e908b262

          SHA1

          dc3d0c315f548761eac715c68d3da50610649d11

          SHA256

          7b87df9f39509a99b12be63d05ddb753b57fcfc774e7e5241e365077d3671eee

          SHA512

          8f4d375da061a02f67a9aa8b916a7ec180e4ec696245c660408c17b6ec7437adc8f2116cea8745ee0ff6767948897a64af0aad7f2bb11773de44c5b0894fb452

          Download Submit

        • \Users\Admin\AppData\Local\Temp\1861.tmp
          Filesize

          1.2MB

          MD5

          20b233ca98184cd21f6fed427283faa6

          SHA1

          3394502b2bd38e94ca2b064c612533c26f473208

          SHA256

          bbc373e8c103024a6271f839c327cd85f0fdd789b0625e1e512d28b64ac069d3

          SHA512

          ae61330520a73432d779248eae028f394ec16e4534dc6925c2b306d8ac402086f9772f9f6d6f6843b204f7a2efe386ed48125e586a55e7dce9947687c0f23623

          Download Submit

        • memory/2872-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3000-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download