Overview

overview

7

Static

static

3

0d431a5be6...7f.exe

windows7-x64

7

0d431a5be6...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d431a5be6ef3dd616e46e18203be97f.exe

  • Size

    1.9MB

  • MD5

    0d431a5be6ef3dd616e46e18203be97f

  • SHA1

    b163be98f975fbf490084205552288a55d6a7c12

  • SHA256

    037750ce9b0bde7a9fef24cee332b21d6a41868a7c8de1be237f329e597987ab

  • SHA512

    b55ac8fcc275d71971959154cee096ea7636ef4d0de655095e96e4d75629e013572882f333c84f5f42d173d3f387b661fe0c7708a2881cb6a3ec25ab445fc6dc

  • SSDEEP

    49152:Qoa1taC070dzxLd9iuS7+xXSyxS5q+f4/G6S6:Qoa1taC0id9ir72ib5q+f4Dt

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d431a5be6ef3dd616e46e18203be97f.exe
    "C:\Users\Admin\AppData\Local\Temp\0d431a5be6ef3dd616e46e18203be97f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\1B7C.tmp
      "C:\Users\Admin\AppData\Local\Temp\1B7C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0d431a5be6ef3dd616e46e18203be97f.exe 33CFC82847C5B5CF98B87D50FE7908E0DB61B3D35D9A531E56160E327CC6C04A49C175A4CE82F3AC21EB9A98A9DE710A37AF78F3337BD957FA149652AACC7BFB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1B7C.tmp
    Filesize

    384KB

    MD5

    002d80923d72bd312046cd6ae6d5bf24

    SHA1

    e8d319ac5ea8c19795997b2cf07b370aec3fb3c4

    SHA256

    7edbde5382ce980107021819e939229e65bbea14b00189986e7bc2268d14146a

    SHA512

    14b0207c9c7a705c19c64a1f0fb4445f61a207835e0f91978496f4bacd1ceb4bb9d58539066dee816513e46d688c4ef7b879fdbd389914cc912909ea8b90f24e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1B7C.tmp
    Filesize

    381KB

    MD5

    37996f3b75a7cc4fe71385cf910176c9

    SHA1

    e3bc264d2ede822fdf32e6c3ecd561e0d37ee556

    SHA256

    f55ff90399463bd4dcb9d25bc94564c540c3fa964b3ecaf2f33b5f3d6f5a18e2

    SHA512

    4d90f33584fd8b1e1ad5686ccd3dadcd6f44d6d4f51990d899dbffc4dfdf1b56b779ddf562dc7f30a73e35e64b20928bdbb5a0bad82a9644506504f62c788fba

    Download Submit

  • memory/1712-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2132-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download