Overview

overview

7

Static

static

3

0d1bc869eb...46.exe

windows7-x64

7

0d1bc869eb...46.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d1bc869eb3e7cae25659b008de59946.exe

  • Size

    1.9MB

  • MD5

    0d1bc869eb3e7cae25659b008de59946

  • SHA1

    03e146f741a943378e4e0c0a4892aa6f6d9da119

  • SHA256

    b3bbdbe8bd764543d2bd848b947b375ebc00e96f94fa1521d82931dfda6d00c7

  • SHA512

    ba2d04506f9cfd900b83ad1bd2313ca6d42d9f70c96c0055d841db9946d54640e1865f1cf3d385ffa7c45c280325e569fb30c75989d07c6a721879361173caeb

  • SSDEEP

    49152:Qoa1taC070dySE6A+sFT7YHqOK/HBNDuTJcmp:Qoa1taC0uiFPsqOWN0F

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d1bc869eb3e7cae25659b008de59946.exe
    "C:\Users\Admin\AppData\Local\Temp\0d1bc869eb3e7cae25659b008de59946.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Users\Admin\AppData\Local\Temp\4C0E.tmp
      "C:\Users\Admin\AppData\Local\Temp\4C0E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0d1bc869eb3e7cae25659b008de59946.exe 86AE74D6BB42FA9F8CE7CCF7EA53D3186F1596D1853D4586DC96D60766AE15FA17DA0C96FA55C45DF7EE04B8A14829210914FEF843EFD3643EB399BA236C2F7F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4C0E.tmp
    Filesize

    74KB

    MD5

    2a8d6bbb1d7e38831a300ec75ede7306

    SHA1

    d808ae6197e4501fda00ed62c3985f084e2832c8

    SHA256

    c26e6740060250798e83f62b3f8fd25e3754cefc7a13284d8af390141a136cb6

    SHA512

    ae4f63db91e1f012b12a70cc13dbcfe402cb5978d5a24e1cd274e455bb924cb7c456d3da91763921cd24dd4104a8e6ce173b0bb157231cea6262c3f360a6d132

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4C0E.tmp
    Filesize

    107KB

    MD5

    32b7c83354961ea3d568b97890619e43

    SHA1

    7ccef24b15248c69b69fa4c3f90c9e98d645976f

    SHA256

    772954df882a61fbe86a07794ce3de8553ceab98a3c3481162ac83aa7947abf2

    SHA512

    1adc3fb2a5b058981c23e61e5178f5e8bfcdb082ca67f7099bf21236b7042913be87c736c4dd5baf218c1259ca39a20516c03ab8896298b24920d57ec5fc30b9

    Download Submit

  • memory/2276-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2776-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download