Overview

overview

7

Static

static

3

14f32e639b...25.exe

windows7-x64

7

14f32e639b...25.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14f32e639b50ee08f7cb02a3c21edd25.exe

  • Size

    84KB

  • MD5

    14f32e639b50ee08f7cb02a3c21edd25

  • SHA1

    af70adbb355e34458d25f8dba22e555c6301ccce

  • SHA256

    b1e14c28e3d674fce41611468043a7f2e5e51aed8a72517660add6988af0005f

  • SHA512

    686f1c2d9d0ea2f2ad2676710a7a9d4c12f8eef7a58950296e3422c80c9b00c7685af2b6b4caba9dae56bf9dbb762fc0e5a4aff16b6b8ce3228b27d5959545e2

  • SSDEEP

    1536:5CGVc2OE6G3NgONFwzHgipwjl7eOR1tuD7zpkShDJoL0bsgrr2z6FjETi0P+bgAt:5CGVcM3NgONFUH3WB6ORGD7zpkShdoQd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
    "C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
      C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\14f32e639b50ee08f7cb02a3c21edd25.exe
    Filesize

    84KB

    MD5

    29b41f8422dbc7c4c708efe51c1b3cfb

    SHA1

    9092a09cf367911f445c95281c3b3e533612f821

    SHA256

    e18d3e0a833b4b566f0d6439e32ec5c1cbffdb21a5ea1fc134ed749af8ee9046

    SHA512

    fbcc10cfd86f782f2b013a7d9a86187eb5a07914031f41fdd6a9db1a3973109a7c8e5ad05221aae6c19bb380611ae5fb7bf60dedee0bc74acf50941c85985866

    Download Submit

  • memory/3836-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3836-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3836-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3836-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/5056-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/5056-25-0x00000000014E0000-0x00000000014FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5056-16-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/5056-14-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download