Analysis

  • max time kernel
    120s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 22:26

General

  • Target

    1e6ce466f9906b169549ac2e62f73826.exe

  • Size

    39KB

  • MD5

    1e6ce466f9906b169549ac2e62f73826

  • SHA1

    5c87eca8a5b90c83019f227053b388cf1ff3dc90

  • SHA256

    9f6a4ef4268519e99d23638acd3e48cb52100f7c4db879cadf9c8cfb248a1747

  • SHA512

    5f025d7ea8dd2e80d1507e9f6caf3bae868cb273462d9a38b89229d099672201b94ed27c8c2128664fec6efb84884012af69a7eb98b67d8c7f67a86504cf6ef6

  • SSDEEP

    768:TiG10fWAnno/miA+D5MGFo9Nih/242OAWefnbk:GS0fHo/JftvFoHihOjWeI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e6ce466f9906b169549ac2e62f73826.exe
    "C:\Users\Admin\AppData\Local\Temp\1e6ce466f9906b169549ac2e62f73826.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe nettemp.dll,_DllSuicide@16 C:\Users\Admin\AppData\Local\Temp\1e6ce466f9906b169549ac2e62f73826.exe
      2⤵
      • Deletes itself
      • Loads dropped DLL
      PID:3056

Network

MITRE ATT&CK Matrix

Downloads

        • C:\Users\Admin\AppData\Local\Temp\1e6ce466f9906b169549ac2e62f73826.exe

          Filesize

          60KB

          MD5

          8148e962cee161fab139407f464fb56b

          SHA1

          db84524879987dce9f1712931f99a985db16bb71

          SHA256

          2b204b081163dd85828d29bdfe461997d41488131830ea5cfc4b609402cb53df

          SHA512

          3df312ca48220084a9b392370261630f2894f92aa8494929fdb5af982846de1274196038535dfc8b13f4c5def8b66258c76606e5029ca082436d906849f0d578

        • C:\Windows\SysWOW64\nettemp.dll

          Filesize

          3KB

          MD5

          78cef9df5d20acb79ca276a25c67b968

          SHA1

          284a2f23b4a9522910e0bc572016385b641a209c

          SHA256

          958ac15b5a4485f9a7f99389d195c84323ab5973a9048e78a4dec3d9456abe16

          SHA512

          76545ddf54da19b84e9bde7c44daedc20e87134a2b2b7f036890780e4527ee54b1e4b7a5c548f4c6832b032611cc464427dd1dc0055ebfc4ad32cf3009849b13

        • \Windows\SysWOW64\directxsvi.dll

          Filesize

          14KB

          MD5

          1a68b96ff8b329926a3e50b02562aaba

          SHA1

          7b9a23330e9470d6629be83cb4e7ce098b58bf76

          SHA256

          1d4423554b4ee112af67770bcf63d826c2aa06e92acf5007add59b0399d79aa3

          SHA512

          f6af38f0ca0ff0f6cff8afecec253133b5ba100522d041f302137d5e647f23d825afec975d8b577df101f1534eff7e8afbfa17967ddcd6c1998f44339de0cef9