Overview

overview

7

Static

static

3

09ca6913fa...0d.exe

windows7-x64

7

09ca6913fa...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    175s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 01:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    09ca6913fa251a7e48953852eb18cd0d.exe

  • Size

    82KB

  • MD5

    09ca6913fa251a7e48953852eb18cd0d

  • SHA1

    b59f84150449c14de3720ea62d69578299231b11

  • SHA256

    b7bc05b5ed65e8f83b840378420f6818380f299c06fa5fd2889a4cda289cec5d

  • SHA512

    b751b16d79d55f84528a114437f71559aafa55bd225a0273cd2e1ab64860877119c71fc4a4619d4ad9d847da819ab5c08726669c0d17b9427c9186573d44fd84

  • SSDEEP

    1536:2OhrWKrbt+gq719gTqKNKA1wr7eNLqzrYnHYs8a5D980zZ4V:2OoWx+JXgTqKK7r7+KrwHYbaU0WV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09ca6913fa251a7e48953852eb18cd0d.exe
    "C:\Users\Admin\AppData\Local\Temp\09ca6913fa251a7e48953852eb18cd0d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Users\Admin\AppData\Local\Temp\09ca6913fa251a7e48953852eb18cd0d.exe
      C:\Users\Admin\AppData\Local\Temp\09ca6913fa251a7e48953852eb18cd0d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1012

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\09ca6913fa251a7e48953852eb18cd0d.exe
          Filesize

          82KB

          MD5

          1a0b7842a2be5a87f6a91ff9d1774334

          SHA1

          fd4f9ffed415f3a2dd042694a3a0769eb80e63f3

          SHA256

          e02a3c36f32b3317b37d9ff761c84c4aacb0b4856488974e301a6f12345618dd

          SHA512

          bad06a88016545fe46a1b84dfef497e8ed3f49680985744948f860eefc5781d3adec5fdb4ccd9a27631f2ebcacb6fca82c917337186cb15384305a59a668e2d2

          Download Submit

        • memory/1012-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1012-15-0x0000000001500000-0x000000000152F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1012-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1012-23-0x00000000015E0000-0x00000000015FB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1104-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1104-1-0x0000000001520000-0x000000000154F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1104-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1104-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download