Overview

overview

7

Static

static

3

0a693fb01c...28.exe

windows7-x64

7

0a693fb01c...28.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0a693fb01c806c779de3c9d49617f128.exe

  • Size

    82KB

  • MD5

    0a693fb01c806c779de3c9d49617f128

  • SHA1

    49f5e697774382e695bfb416ad4b529bdf86ac1e

  • SHA256

    6d933972b8945c2990934161b9632773d566ce613be9407a92eeee29caa606e7

  • SHA512

    39b6aa89e0589a5cd07f7137ad440b239a1a9ec4432298a08168125d6d018e749969777b10542e1dd95f3806bb0e12506eedf2bb42976a1af2b385b18921fd68

  • SSDEEP

    1536:TkDOCLrgj8QJ5RUvhkajPPf/fc88zQi1yEH3LK6vT5pZJ/O2TVmztHLmvsak0X18:8fQbRUvhkajPPf/fc8mH7K6vT5pZJW2u

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a693fb01c806c779de3c9d49617f128.exe
    C:\Users\Admin\AppData\Local\Temp\0a693fb01c806c779de3c9d49617f128.exe
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Suspicious use of UnmapMainImage
    PID:3052
  • C:\Users\Admin\AppData\Local\Temp\0a693fb01c806c779de3c9d49617f128.exe
    "C:\Users\Admin\AppData\Local\Temp\0a693fb01c806c779de3c9d49617f128.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2392

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\0a693fb01c806c779de3c9d49617f128.exe
          Filesize

          82KB

          MD5

          1e569eb9ae366b0dd1ee10c7e6a98b5c

          SHA1

          a6a1f05aedbc24ed891414320027291fa38cfb4e

          SHA256

          5032343a8d7a5b99aab4e3c1d51ab0d0faee2c5e1fae6f8bcda46a9be2a11124

          SHA512

          0f67e6338ba5ef4bb2dd30484aac1bd3a8538a28210dfd082a239fce55cf0fa36dbc379a31e94305fbc943ffc870862d908a95bbdf7df03c5996cc60794d7e0b

          Download Submit

        • memory/2392-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2392-9-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2392-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2392-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2392-12-0x0000000000210000-0x000000000023F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3052-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3052-27-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3052-22-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download