Overview

overview

7

Static

static

3

0a675d95d1...6e.exe

windows7-x64

7

0a675d95d1...6e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a675d95d1b729738560d86f024fd36e.exe

  • Size

    4.2MB

  • MD5

    0a675d95d1b729738560d86f024fd36e

  • SHA1

    edda424557be0ea2d862ab54336244ee885af612

  • SHA256

    c39ee1bbd1e9cfabea0bbd811d1003967f299f0ef5b49f27deee981bf7fd8c59

  • SHA512

    13e7fa016911a9b7c5fd5633cd1a20583fcbc6d6930e9a95cf319a0ce9eedcf48fa954a00db4856dd0a633fb352c946902ad89843e77a4ca55d33bd364bd751a

  • SSDEEP

    98304:emhd1UryeQ7WvyR9kzbOVLUjH5oxFbxCVLUjH5oxFbx:elwKMwqVUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a675d95d1b729738560d86f024fd36e.exe
    "C:\Users\Admin\AppData\Local\Temp\0a675d95d1b729738560d86f024fd36e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\AppData\Local\Temp\10A4.tmp
      "C:\Users\Admin\AppData\Local\Temp\10A4.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0a675d95d1b729738560d86f024fd36e.exe 71F4741B6B011411E77FB15BBDD9556E7D25718B4414AFA9F0492B305A31EA38D5E893784B0A2837B20040EB382041585E6677993A12B3423D17510B5AFA8695
      2⤵
      • Executes dropped EXE
      PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\10A4.tmp
    Filesize

    93KB

    MD5

    b3917ecae25a15f748c3015a9be3fa7b

    SHA1

    6822e74bb4f50098d58d462650ff38c7ec20d369

    SHA256

    e1c88696f6c8279333a99d71e6bbe0902891744486612ec1320aca3dd42b57cb

    SHA512

    75a2065f13b8268912c1e384b19bce3eb733300b3d908b1a6a3654e4f6e973a98ef7095848d3d4984cb80057789919dc3c9db302cda435f10e489f2ad1a45deb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\10A4.tmp
    Filesize

    381KB

    MD5

    afa3019ba6ec9ef9bf6d343cc90bd9dc

    SHA1

    31d4ed089f1fc5110601ce5cc368c1dab7cadf81

    SHA256

    46c5a5848bf74221fdda10b2ea872915fff07d181bdbecf2897d856fd9fc11bb

    SHA512

    f968e4662a487c8cb3ba146a26056255f2b650900f7c4b7aa84cd3c9abc5d4cd536f3353c990f8af8463ceb539ef723328690fb3bfd60903017c62cefedcd93e

    Download Submit

  • memory/848-6-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2196-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download