Overview

overview

7

Static

static

3

045b362e0e...ea.exe

windows7-x64

7

045b362e0e...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    188s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2023 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    045b362e0e8ed32b5190a134bf93feea.exe

  • Size

    1.9MB

  • MD5

    045b362e0e8ed32b5190a134bf93feea

  • SHA1

    4a367be6d139d2a193ecee8129a97ad83e796eea

  • SHA256

    9563ed5ad61d404c6d6ac3e9f27eaa2cae174bd4ca1661a162ea7e49c7060fd0

  • SHA512

    4decb0c23f586bfc9ce476f1f3d7ef1c644c7fa83d61fa8b56538a698715be95c9bd6043b95f7582df6df83174d1e9dae496c7dd8bfa7d4fe3a3071d7b5096d8

  • SSDEEP

    49152:Qoa1taC070dvBO/KfXOOV3t3z2HfhaklasX:Qoa1taC0SBlfX9T3zUw4asX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\045b362e0e8ed32b5190a134bf93feea.exe
    "C:\Users\Admin\AppData\Local\Temp\045b362e0e8ed32b5190a134bf93feea.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Users\Admin\AppData\Local\Temp\B2C1.tmp
      "C:\Users\Admin\AppData\Local\Temp\B2C1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\045b362e0e8ed32b5190a134bf93feea.exe A15EDE23C215333FE231A5F15478BFFB0B8F248C900657438539208C2F339B299C47E86C85E56538523C247F165E3ADBB9FAE0A299A3A5965DFE6E1979AD60AC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B2C1.tmp
    Filesize

    1.9MB

    MD5

    c0f8645838145e56130f9c4de4060bc4

    SHA1

    e22838330b8cc985adad0455affbd9854adb1507

    SHA256

    4369abbb8430d55a31cdb1e4b42dd0d7ed30d5751018fa627b148270a7980aac

    SHA512

    4f17174a26bb61279b47d91632fb290ceb7ad9418486e1b73bb0de8dd5fea1b56ca2c6f093262b234da3eaba61756f91f0fed2a6acd9570b9684a228ebb763bd

    Download Submit

  • memory/1288-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4884-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download