Overview

overview

10

Static

static

3

1dcf313c7b...a3.exe

windows7-x64

4

1dcf313c7b...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    8s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 21:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1dcf313c7b9200277a88700ff036b5a3.exe

  • Size

    1.2MB

  • MD5

    1dcf313c7b9200277a88700ff036b5a3

  • SHA1

    2bcf6d85a214e8c5acf6bdf845d51776318e059a

  • SHA256

    6ed40b29d8cbea35c1fba43b81b4ced3dd22dedb50871ac1168513826f4332ff

  • SHA512

    526ab3ad4eef95b92239e5d7d48a0f42fcb04e1b52591bd4cf79e0e51cfc20a24e2918451f6837825b023fe5e4892f7e04b7dfd207cc36b0f54ee61cf1678685

  • SSDEEP

    24576:YaUZCHwO1d1QqbBE2tTBFSZzuKo0gNEPSwDOCzwJSbc7wmersHL:bQqtnLRs6MwJS+7

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dcf313c7b9200277a88700ff036b5a3.exe
    "C:\Users\Admin\AppData\Local\Temp\1dcf313c7b9200277a88700ff036b5a3.exe"
    1⤵
    • Drops file in Windows directory
    PID:2088
    • C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\system32\notepad.exe"
      2⤵
        PID:1320
        • C:\Users\Admin\AppData\Local\Temp\cmd.exe
          "C:\Users\Admin\AppData\Local\Temp\cmd.exe"
          3⤵
            PID:2740
            • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
              "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
              4⤵
                PID:2624

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
                Filesize

                3KB

                MD5

                b4cd27f2b37665f51eb9fe685ec1d373

                SHA1

                7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

                SHA256

                91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

                SHA512

                e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

                Download Submit

              • \Users\Admin\AppData\Local\Temp\cmd.exe
                Filesize

                92KB

                MD5

                8765fd5f53220ee1d49cf1e9d4fecb6f

                SHA1

                6c5d9ddaef1802264f4a7297a3d7b7cba6815b75

                SHA256

                e141c6f75c9cf4d1f1b0fb5a3232f74f82cd0a35a03f260dbc163f9839c9c672

                SHA512

                58c217e1c55ff2e5e12553f986621ae0bb5c84dbe1ab9d9a1bae7dd3090bfd8c7ace52d3a7070ffd8388cc2763d1b485b8e76ab4da0cdab8b72a34deb622f7f4

                Download Submit

              • memory/1320-42334-0x0000000001CE0000-0x0000000001CE8000-memory.dmp

                Filesize

                32KB

                Download

              • memory/1320-42308-0x0000000000090000-0x0000000000092000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1320-42345-0x0000000004F50000-0x0000000004FD4000-memory.dmp

                Filesize

                528KB

                Download

              • memory/1320-42335-0x0000000004F50000-0x0000000004FD4000-memory.dmp

                Filesize

                528KB

                Download

              • memory/2088-42312-0x0000000000980000-0x000000000098A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/2088-42306-0x0000000000400000-0x0000000000547000-memory.dmp

                Filesize

                1.3MB

                Download

              • memory/2088-42309-0x0000000000330000-0x0000000000331000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2088-42307-0x0000000000980000-0x000000000098A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/2088-0-0x0000000000330000-0x0000000000331000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2740-42354-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42342-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42349-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42351-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42344-0x0000000000090000-0x0000000000098000-memory.dmp

                Filesize

                32KB

                Download

              • memory/2740-42352-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42343-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42350-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42367-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42366-0x0000000000400000-0x000000000049F000-memory.dmp

                Filesize

                636KB

                Download

              • memory/2740-42364-0x00000000001F0000-0x000000000020F000-memory.dmp

                Filesize

                124KB

                Download

              • memory/2740-42362-0x0000000010000000-0x0000000010016000-memory.dmp

                Filesize

                88KB

                Download