Overview

overview

7

Static

static

3

147b8b7b15...a9.exe

windows7-x64

7

147b8b7b15...a9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    175s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    147b8b7b15f5764cb4918ac6e28cf9a9.exe

  • Size

    3.1MB

  • MD5

    147b8b7b15f5764cb4918ac6e28cf9a9

  • SHA1

    88d896f02068091e01e304ac2bee3036d40505f8

  • SHA256

    6ec4d7654d7ba4851f02639a4939a1359e393aeed5531d4b301090685d9c5f4e

  • SHA512

    4a5efe7af4e4311f8b5813b47e79d78464209a3386ecb1ec0b9405ea27e3681fadd64a49f527a997422731b13da97133ead6fe272842de1a9555c17667a4a505

  • SSDEEP

    98304:5mSWOiIyUbzzpi9WL7kKK+VLUjH5oxFbxx:5XjUW8mVUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\147b8b7b15f5764cb4918ac6e28cf9a9.exe
    "C:\Users\Admin\AppData\Local\Temp\147b8b7b15f5764cb4918ac6e28cf9a9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\18D2.tmp
      "C:\Users\Admin\AppData\Local\Temp\18D2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\147b8b7b15f5764cb4918ac6e28cf9a9.exe DC5A7A05B5B90203CF1A71A0803CCC21D56AFAF60ECA571A8FBA4C675E6A12684C2433E0AB4B6C3B9DB1CB50564C8903642561EF73E2EEDF10E751E341020A13
      2⤵
      • Executes dropped EXE
      PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\18D2.tmp
    Filesize

    1KB

    MD5

    7ff067298ea05cea05a56387a8d50d46

    SHA1

    79395e76124b3690ad62c5f51e5bd1ac60a32039

    SHA256

    9a457675561458dc0126131952872a98322ec2aca40199d377049f22d853a1bd

    SHA512

    045ed8d0a51cc609556c5d180cb28010fab7662eaed1bcf3284b9ba40fc9c40c706b6d3986492609f23f6ff55ada34a8be2f99faac8ff46cf80bd335cacb4085

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\18D2.tmp
    Filesize

    63KB

    MD5

    a805a9675064248c60090eb686621b4f

    SHA1

    84230417a406b2b0ddd760551702365004e0fc64

    SHA256

    648e842e96c8f058029b280fb241e5ded6b14f59cb75eb0441b8f5cccfdf722c

    SHA512

    e5fe01fb4356fbd1528ca07ebc9690e71a736adbcee150539b5b582cacf13a584cf5187969fdfaf024db5022afda1bd85a5ed01a8b897b2417d1abba3bda3468

    Download Submit

  • memory/1204-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2600-5-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download