Overview

overview

7

Static

static

3

169311e589...60.exe

windows7-x64

7

169311e589...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    169311e589b031a3b56a36a862686c60.exe

  • Size

    1.9MB

  • MD5

    169311e589b031a3b56a36a862686c60

  • SHA1

    18a051fb287d4b5e65004f08e008f5484468d418

  • SHA256

    754a0458a14d26470b9697ed722e2862da72edb0fa65ea60514118954c133707

  • SHA512

    eb61b1fec450e420a5970c88f48ed6092c20f4ea2af9c05720cda6a065a8e758daa74e80bc2cc0c3729228db58771cffd1d96576a09c4021b1f97dcd0e94e124

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10deU2FJInl2+mpVs1t132pJNOwP8zETD/qEMWh:Qoa1taC070deU2Fqk+iUmPgwkzc7wMP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\169311e589b031a3b56a36a862686c60.exe
    "C:\Users\Admin\AppData\Local\Temp\169311e589b031a3b56a36a862686c60.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3884
    • C:\Users\Admin\AppData\Local\Temp\8C71.tmp
      "C:\Users\Admin\AppData\Local\Temp\8C71.tmp" --splashC:\Users\Admin\AppData\Local\Temp\169311e589b031a3b56a36a862686c60.exe E4A5BE6E7F29817693982287709B451C91B9A3431D4873505FD6FA74C8185E6BD12360D28C07BADAD644BAA9132BA59E7BD58E7F232E2E9257782C5A614C7B42
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8C71.tmp
    Filesize

    1.9MB

    MD5

    70fcf926676f716f1c37c4dc8628a2ac

    SHA1

    9ca5b248f66f282351e51cf13f7c65d808c3f0a3

    SHA256

    3bff56e78fecf3dee9a99014beb5ae84d566bbad86003e7a4e9b03b0efc8fd3f

    SHA512

    5c1545aa879e4e84f6dc0e1a0fa2acff1a8c9ba15fcddbe1f4e2fe8f74ea6e10db534a76d33b8db126f8bca96e92d20b8c240f959a0984abb2ec08dc25505bcb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8C71.tmp
    Filesize

    900KB

    MD5

    f87e1a2ee19405a7a0af41d567ba8a58

    SHA1

    2eb8b930c4c2f87ac40fbc82750ae4d076e5687f

    SHA256

    4f88131e7a175e6be1e8953d7c1b8e513633a623b8e2bd8011b1fcf6bec1bb02

    SHA512

    745b7231310fe187ce7e5b0b5d09c5e0218ba8f3edbc409752508c9377f3508e0e5930d496a8ba1f4c062dc22f003ebbbe1bd011ce387d030273a92985756099

    Download Submit

  • memory/2516-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3884-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download