Overview

overview

7

Static

static

3

044c57986e...42.exe

windows7-x64

7

044c57986e...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    044c57986e92d73eb443dc9fe66e2a42.exe

  • Size

    1.9MB

  • MD5

    044c57986e92d73eb443dc9fe66e2a42

  • SHA1

    1968d1a87f2e98db3f90181b7a8d169cc758149b

  • SHA256

    ab50a00b1eb7bb1887b2d87ca4a9119d8023a55cdb41d8913339d249b44af6ef

  • SHA512

    de49d0c7619ec13c9aa1e7c65c0dbf0a2af0685efefa80cc5c9a3d1865314b6e4d4820203bcdd0870495cdc115730bea91611898548a98a4bf7f4b5d8f5aeaff

  • SSDEEP

    49152:Qoa1taC070d7i7n2f873LPkTeSYXCfgH8W8qb:Qoa1taC0E/G3LRCa8WN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\044c57986e92d73eb443dc9fe66e2a42.exe
    "C:\Users\Admin\AppData\Local\Temp\044c57986e92d73eb443dc9fe66e2a42.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\8AF1.tmp
      "C:\Users\Admin\AppData\Local\Temp\8AF1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\044c57986e92d73eb443dc9fe66e2a42.exe 148EDD0EAABCE09E44A01FE42BA9FC07055906BB626AE4891A59560E63C4684440D941E3F4946F075F8E43591C20AF07E9F7E9FDE2D3C077E230DFBE4CA56674
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8AF1.tmp
    Filesize

    882KB

    MD5

    690a3e03dd78f7621bd4bc06420ce5a8

    SHA1

    f635102885078b0e13612981b4b62b3c1e881687

    SHA256

    ecea15ab0340ab9ffe8c63b40123a649592539d1ba3afbe32d667d8a280f0e14

    SHA512

    eeb383d4bde16ffc87bd6505294ca0653271d318aaa0af175ca4b4497f352422d5e9815c07d28b99dc117eb6c405b1b2d8d4ae8096b475b9233aa2186344c8ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8AF1.tmp
    Filesize

    957KB

    MD5

    cebf28dc167ce6030200e9cde6100e9f

    SHA1

    84e2554a8e9a37660c9ed3c8f9d49562b260be77

    SHA256

    330d84ffe2178f4943955277887f281da72f054865044c198de24fa5383d0c0b

    SHA512

    880ac08c356ae662b486f59b9bc32ed0a7498009c00b11d43aaf6b06605dee7be88762864d1668609e9eeb6d4a8897efc2be406276b159ce8887ca204d8750aa

    Download Submit

  • memory/1280-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2420-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download