Overview

overview

7

Static

static

3

147b8b7b15...a9.exe

windows7-x64

7

147b8b7b15...a9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    147b8b7b15f5764cb4918ac6e28cf9a9.exe

  • Size

    3.1MB

  • MD5

    147b8b7b15f5764cb4918ac6e28cf9a9

  • SHA1

    88d896f02068091e01e304ac2bee3036d40505f8

  • SHA256

    6ec4d7654d7ba4851f02639a4939a1359e393aeed5531d4b301090685d9c5f4e

  • SHA512

    4a5efe7af4e4311f8b5813b47e79d78464209a3386ecb1ec0b9405ea27e3681fadd64a49f527a997422731b13da97133ead6fe272842de1a9555c17667a4a505

  • SSDEEP

    98304:5mSWOiIyUbzzpi9WL7kKK+VLUjH5oxFbxx:5XjUW8mVUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\147b8b7b15f5764cb4918ac6e28cf9a9.exe
    "C:\Users\Admin\AppData\Local\Temp\147b8b7b15f5764cb4918ac6e28cf9a9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Users\Admin\AppData\Local\Temp\8871.tmp
      "C:\Users\Admin\AppData\Local\Temp\8871.tmp" --splashC:\Users\Admin\AppData\Local\Temp\147b8b7b15f5764cb4918ac6e28cf9a9.exe AE0ED25FBD82B34A49E86CA3D8812E42D7864F7EFBFB118DE71CC40A000ED1148B859B3BD8D35716D98744C0520A53312EA4BC9E3F0DA1C5D8304D86D1DC2C40
      2⤵
      • Executes dropped EXE
      PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\8871.tmp
    Filesize

    3.1MB

    MD5

    4b508d10403367561cacb2eda51e853a

    SHA1

    1cd77ee59344af6097189ff489cddf7551e18466

    SHA256

    aa4570d541d9fd9bb5eb88c9ab469711bc76372be6e5fd931165b016954fe147

    SHA512

    8adde50a57967e8a4702d3aa218933fa0208763278bb1e557494565774c88072ac1882e1b5294d7d3a6e79464634a30e03d31317b171883ccbdc5ba68d408c7e

    Download Submit

  • memory/1276-6-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1900-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download