Overview

overview

7

Static

static

3

0f1a5315e2...e8.exe

windows7-x64

7

0f1a5315e2...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f1a5315e2beffdab19897c3f02434e8.exe

  • Size

    82KB

  • MD5

    0f1a5315e2beffdab19897c3f02434e8

  • SHA1

    d64aca90b59a97aa102ef8620e6e032512199150

  • SHA256

    3ca2b874ece51139a1a75e553ec1e860a503cca1491466e14b58086aed316b0c

  • SHA512

    1ebbf75259cc1c3222dd4fe2cf7a85ab6484fe54d404674c99ff42be61d5ad18737fbe8fec8a036091021595d87c5a681b84158830264d80b5a2346468046b31

  • SSDEEP

    1536:0rxFSj+GceBS5SYW2apswa0bzTagIBrfcvLrqTd3S0xvWTQW9yED+ai9kJduPy49:0fSj+GceBS5pJapswa0XTalBrfcTrwvj

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
    "C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
      C:\Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\0f1a5315e2beffdab19897c3f02434e8.exe
    Filesize

    82KB

    MD5

    db4397031f7101e29c6d032e4143862f

    SHA1

    581c7ea1f25d0f06f9a9ac7073ebbd9e4e43ad91

    SHA256

    241e11fce10a5568b4abaea2ad605adfe1f59c9e22d5644c9ad14b7ae3be6fba

    SHA512

    947f1fa2924b716abc2764b405a62680884a9cabf3e1ba7c3e03b9a98d13e9daf827e5467910d14a00cd91cd77607f4dc41e70edf3206fdd4b3345de66d09db3

    Download Submit

  • memory/3000-17-0x00000000000D0000-0x00000000000FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3000-19-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3000-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3000-29-0x00000000001B0000-0x00000000001CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3044-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3044-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3044-7-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3044-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3044-12-0x0000000000190000-0x00000000001BF000-memory.dmp

    Filesize

    188KB

    Download