Overview

overview

7

Static

static

3

1e15dff6f4...10.exe

windows7-x64

7

1e15dff6f4...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e15dff6f4219f6fe1e9e037e3423310.exe

  • Size

    82KB

  • MD5

    1e15dff6f4219f6fe1e9e037e3423310

  • SHA1

    969cf4f3a0ceb8b593bbb5b66d382797e8ab4802

  • SHA256

    d3c67935a09c9e889f2f4b4dda4aa0fc55bfd20595446ad6d927e3b06cde1e84

  • SHA512

    af92fa5458044efccc5ab0e139ef00c6fddcee161538d2a9d1e65592c45a9f281e8e48dc1fb866be3b4396bf74967c9101342eca1a8b0aecc11fc7d2fc116d99

  • SSDEEP

    1536:6pT3IXW+o+7B44eE/Hv/+alWI9892D5XjKxZhEFqWrfCh316y9+UvB0pfC:k3n+hOJEmD+5XGmmhfKpfC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe
    "C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe
      C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/208-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/208-1-0x0000000001550000-0x000000000157F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/208-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/208-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/680-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/680-25-0x00000000014B0000-0x00000000014CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/680-16-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/680-14-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download