Overview

overview

7

Static

static

3

14f32e639b...25.exe

windows7-x64

7

14f32e639b...25.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14f32e639b50ee08f7cb02a3c21edd25.exe

  • Size

    84KB

  • MD5

    14f32e639b50ee08f7cb02a3c21edd25

  • SHA1

    af70adbb355e34458d25f8dba22e555c6301ccce

  • SHA256

    b1e14c28e3d674fce41611468043a7f2e5e51aed8a72517660add6988af0005f

  • SHA512

    686f1c2d9d0ea2f2ad2676710a7a9d4c12f8eef7a58950296e3422c80c9b00c7685af2b6b4caba9dae56bf9dbb762fc0e5a4aff16b6b8ce3228b27d5959545e2

  • SSDEEP

    1536:5CGVc2OE6G3NgONFwzHgipwjl7eOR1tuD7zpkShDJoL0bsgrr2z6FjETi0P+bgAt:5CGVcM3NgONFUH3WB6ORGD7zpkShdoQd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
    "C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
      C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
    Filesize

    84KB

    MD5

    68b95d72c281738f4014b012c288ffb9

    SHA1

    1b327707cde7be64be2849a39e85591f7dbf1264

    SHA256

    e18090974159658a459a6e8da1a85b3f1e7b140342f4f034bd12ae748ac51109

    SHA512

    c716e8b42a6cbc52a72d671a7082eabc0a2fce6982ed932589fdd56c6b298a4e06336ec7401a436e07e40dca8761b6ff490af8caea6ca00a232f5689fb4140f1

    Download Submit

  • memory/2124-19-0x00000000002E0000-0x000000000030F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2124-21-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2124-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2124-25-0x0000000000340000-0x000000000035B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2408-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2408-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2408-1-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2408-15-0x0000000000220000-0x000000000024F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2408-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download