Overview

overview

7

Static

static

3

0ab995271f...b5.exe

windows7-x64

7

0ab995271f...b5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 01:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ab995271f040c736298f9e39ca48eb5.exe

  • Size

    1.9MB

  • MD5

    0ab995271f040c736298f9e39ca48eb5

  • SHA1

    3a4ca4d6baf59b88830c600d7a32a7db9a3d404d

  • SHA256

    72f1286369ee8b72b00dc6e4b5d55ee8f5062455485499c96f035b3e22ddc370

  • SHA512

    4c021b6cb3b72661f32ebc0603077ae7deffbcf3a92e3d8af5a153a860c34b91c2b1219290507af5401b4a47c34b05246659e62667a60bb44b92f68324e783b6

  • SSDEEP

    49152:Qoa1taC070d+U7f6PvjLaJJsRvM1uqCj2N6o:Qoa1taC0BU7CH3aERE1RCj2Yo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ab995271f040c736298f9e39ca48eb5.exe
    "C:\Users\Admin\AppData\Local\Temp\0ab995271f040c736298f9e39ca48eb5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\A5A6.tmp
      "C:\Users\Admin\AppData\Local\Temp\A5A6.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0ab995271f040c736298f9e39ca48eb5.exe 0D76C3621E7738F37CBB66F08E5EC488706A5D30A60E5C16CE2D8ACC38AB7A99DDEBC442030207CBCDAA27ACC6F4C5DEC913D13E2001B58F12ACC1368F6F4588
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A5A6.tmp
    Filesize

    103KB

    MD5

    eabaaf420287d45e608945b549353955

    SHA1

    b1fd42d8a08c8ccb20624c71a1629ae429da99a2

    SHA256

    cc7e50bb902c4a490c6b02bd61864744ec3c349adbfb5fe6c004d7050c656fdc

    SHA512

    4ca646340369d011df011c5cc30a9de277c8d019541a579c3e7b166bc3e5314a28d53c289026942f47f2da6f436d2e4f928989d4fa059babf46d05ca561399ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\A5A6.tmp
    Filesize

    70KB

    MD5

    6a5544e61d9af18e1fdb5006b7fd4e53

    SHA1

    9b36fd3206e9d3a99c731d10a9010f895fc60de8

    SHA256

    7e8aab72a41d26794a947b7ad8d99b738a4e61fccd2af7c2e4459b7c876521a7

    SHA512

    0094b6990b390e85c1a64f1dd63303dc87bdf9704a8dab2b5a6dd0cbedf6956f067e03e2af290304fe623065f38e396e7e88807274521a31770c86121596ab3f

    Download Submit

  • memory/2004-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2096-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download