Overview

overview

7

Static

static

3

0422a4362b...fe.exe

windows7-x64

7

0422a4362b...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 21:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0422a4362b4822b0f5cd74380f78e0fe.exe

  • Size

    1.9MB

  • MD5

    0422a4362b4822b0f5cd74380f78e0fe

  • SHA1

    a3389584246ba168a0522b72f3e9826cdb06aa5b

  • SHA256

    e97d1cf98b3312fe6385f14c4988a6a3b44913cb716d7539784691c008da6c1a

  • SHA512

    d1ed512332cfc30d836b6e39a5b7ee2063d67ab85bfb265a14e9bb8f9e8af291459b169245b3bd88f6d422c81308aac8c1d5ffd12bf6bc20cf3a1b0a6e58f561

  • SSDEEP

    49152:Qoa1taC070d2kcIsxK/WJbOUoF+4g2ekqErdy4LnX0:Qoa1taC0MR/nUEKkqKQ4LX0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0422a4362b4822b0f5cd74380f78e0fe.exe
    "C:\Users\Admin\AppData\Local\Temp\0422a4362b4822b0f5cd74380f78e0fe.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Users\Admin\AppData\Local\Temp\3BC1.tmp
      "C:\Users\Admin\AppData\Local\Temp\3BC1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0422a4362b4822b0f5cd74380f78e0fe.exe 1D8E3D47504587C1C8A346480A94CEC38C217047CB30D0FB2F05D369C54177101C80EF1C74D6A47DC8D34B2C0C7DEC26A6265F8D68EE7E709A1C2F023A9B95A4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3BC1.tmp
    Filesize

    1.5MB

    MD5

    2cd272b8352d6c68094bf19c7996a33f

    SHA1

    e61e8d2dd93a24fa67b5f77ab27f751983043e47

    SHA256

    62c28339b6bb37556a52d63a5004c815768e5b885bc6b1ea817cf2c113c31ef2

    SHA512

    742844143be38816545b825dff8f7e961337ff97e725231b7173db6aa0f2107fedc4c9bae49e19aec74b8b091abc2f65e40eea5cce4f60bcd9cd61a24b8b9c6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3BC1.tmp
    Filesize

    1.5MB

    MD5

    de60adb49adb19302e7bc514cb5a1e49

    SHA1

    37887c79109508d99c413345fc39f6afd2a66654

    SHA256

    e5ee48252b0bdcf295cb9a01d823be61d45944f6eaa9b669e9530a2c4cadb654

    SHA512

    2242fdc2e5e80d1c3eb6b461329a7b3dfa0d3f0a87d50c7be9c822421f8b62e2146e22e452fb825bf966e92b13252c552068634a228c6ffbccd61f9c7d06a64a

    Download Submit

  • memory/232-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4088-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download