Overview

overview

7

Static

static

3

1f6dbecec1...d3.exe

windows7-x64

7

1f6dbecec1...d3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 23:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f6dbecec1e7a5417fc90d7a84e6e8d3.exe

  • Size

    1.9MB

  • MD5

    1f6dbecec1e7a5417fc90d7a84e6e8d3

  • SHA1

    152bf10fd6c5a38fc225206d18d9328fbcab3455

  • SHA256

    714888954bac94ad362601f809bd868f671a898af1c2b7f3b09adb1ed2fedc9d

  • SHA512

    1b6169a3903ff0491b43d965c8afb0faad55353e32afa6088f99367bf290c8f6446bd38c6bf5b10490137f7052ea3bcc2632f4685a7bd4ff1cce4260fca61793

  • SSDEEP

    49152:Qoa1taC070di316t2W8mNYGN4iBFpuet0Tgb5qXaS:Qoa1taC0pRmyelBG+qXh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f6dbecec1e7a5417fc90d7a84e6e8d3.exe
    "C:\Users\Admin\AppData\Local\Temp\1f6dbecec1e7a5417fc90d7a84e6e8d3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Users\Admin\AppData\Local\Temp\9D0.tmp
      "C:\Users\Admin\AppData\Local\Temp\9D0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1f6dbecec1e7a5417fc90d7a84e6e8d3.exe 63EC634AE8F7224F03CA32F6C291231A76D844112768DD6B75BC44BEA87287A5C22BDB61ED4584945E9DDB123C82BBB59F874B698E224C9038FC3AC691717912
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9D0.tmp
    Filesize

    78KB

    MD5

    a06671a65013721f36ced9e6137694f8

    SHA1

    b3fdd51152f356eafafc808f37d1ab560d56ba61

    SHA256

    c4c6d24729a7b632db346cb0079f46f600f4e534475867e01ca3186359c8662d

    SHA512

    b452b1a82e69d329a4fd20f9ab9f954935060e75802dc056e40ffe188e512d1ea7e0cb919f80414775dd4641180157b990d069a78e0d83d6de41ebe310c041e9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9D0.tmp
    Filesize

    89KB

    MD5

    b7e6d63fce13e8e4eb5a1b229936e063

    SHA1

    0b9f7ee3eba7653189a764a990a74fa68d94cb48

    SHA256

    e19e79102bf04984362710d0ed25def01d777d521b4673bf80d787cdc76f790b

    SHA512

    5e0478a5781fff2d20c66aa115eff34e6bd158e85236f13f9c2ade71e28d4cf0ffa711cd541022a0b40928c247bae67b6a658b8cae30576a5101d91be5791bc4

    Download Submit

  • memory/836-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1296-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download