46a3a41629ad7a3815c956683a1e3b4b44c871016b167e4baea302c8b5bb3d77

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d7b40a9a099f026d331eb40d7818ffe.exe
Size

200KB
MD5

0d7b40a9a099f026d331eb40d7818ffe
SHA1

8e40ca3f25ed32634efc45045b5ea49d8683c646
SHA256

46a3a41629ad7a3815c956683a1e3b4b44c871016b167e4baea302c8b5bb3d77
SHA512

e3a7fbdaa6dc0a0a66bf7ff641713e5c9f46c953cbca67100c6b7d4917d9eae07b6f80500cb3d8293ec2d6a019e625d512aa9962fd8ad1e707d611eaca8b7be0
SSDEEP

6144:33z2vazSNWuzi8LcaePzhyT5crIzZLRFNX/N9m0p:avazS27aGzhyck1LRFrMq

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2868	0d7b40a9a099f026d331eb40d7818ffe.exe

Executes dropped EXE 1 IoCs

pid	Process
2868	0d7b40a9a099f026d331eb40d7818ffe.exe

Loads dropped DLL 1 IoCs

pid	Process
1064	0d7b40a9a099f026d331eb40d7818ffe.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1064	0d7b40a9a099f026d331eb40d7818ffe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1064	0d7b40a9a099f026d331eb40d7818ffe.exe
2868	0d7b40a9a099f026d331eb40d7818ffe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 2868	1064	0d7b40a9a099f026d331eb40d7818ffe.exe	17
PID 1064 wrote to memory of 2868	1064	0d7b40a9a099f026d331eb40d7818ffe.exe	17
PID 1064 wrote to memory of 2868	1064	0d7b40a9a099f026d331eb40d7818ffe.exe	17
PID 1064 wrote to memory of 2868	1064	0d7b40a9a099f026d331eb40d7818ffe.exe	17

C:\Users\Admin\AppData\Local\Temp\0d7b40a9a099f026d331eb40d7818ffe.exe
"C:\Users\Admin\AppData\Local\Temp\0d7b40a9a099f026d331eb40d7818ffe.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Users\Admin\AppData\Local\Temp\0d7b40a9a099f026d331eb40d7818ffe.exe
  C:\Users\Admin\AppData\Local\Temp\0d7b40a9a099f026d331eb40d7818ffe.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0d7b40a9a099f026d331eb40d7818ffe.exe

Filesize
92KB

MD5
c0a7164e55c93dfe3d9eaeffb88c7076

SHA1
c9acd742dcf5267b475a878bc4adb58ab0c3747e

SHA256
95711a0ba6108c6d25ae77be4e4aa43921675698434c91d733994226f29ed66b

SHA512
0f3381c11bbbd07c7b9ae936ea1a5957c15752af5aa466e7ca862c53ed2281246f3393278a8fcde30e41b253406c47e19bae789eb1cddb403251e3e69d11731d

Download Submit
\Users\Admin\AppData\Local\Temp\0d7b40a9a099f026d331eb40d7818ffe.exe

Filesize
200KB

MD5
7f38e68c2d65ac587bc9c0c52e596da8

SHA1
6c328caa6bcb285a2679e9e55cb931c5010ecc1f

SHA256
789a47316ef4512482aebba17596e9085f408248ca8bc34f1ee054e2e1dfafb4

SHA512
cc336ff2f4cd1e22198e54dd208be094023278ba111b8b6f8841030132dc43c1388df81c54bfc8c30287a7f2b35a4b65c72daf2f7c6738d8fb49dbb135c16a98

Download Submit
memory/1064-2-0x0000000000140000-0x000000000018C000-memory.dmp

Filesize
304KB

Download
memory/1064-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1064-0-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1064-16-0x0000000000270000-0x00000000002BC000-memory.dmp

Filesize
304KB

Download
memory/1064-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2868-18-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2868-29-0x0000000000340000-0x000000000035B000-memory.dmp

Filesize
108KB

Download
memory/2868-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2868-20-0x00000000002E0000-0x000000000032C000-memory.dmp

Filesize
304KB

Download