Overview

overview

7

Static

static

3

1a01de0fdd...54.exe

windows7-x64

7

1a01de0fdd...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 13:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1a01de0fdd7510ecc99c229df2942254.exe

  • Size

    385KB

  • MD5

    1a01de0fdd7510ecc99c229df2942254

  • SHA1

    5d9f8019ebdf38a4790b6de840a94f4aee4df09a

  • SHA256

    3142f8cebf34579b9dba91ced90391b0d4ab3dd17fd438ab2f3869580d9b6a31

  • SHA512

    f64d8aecf159523d68f13fbf47efd2e1ed7e5bc7c12d8e81e833cace32bd3236423036e546cd0373efcf9fadc74db7e34b0a13652d540079d3648c8386c00542

  • SSDEEP

    12288:TNji4XDHhGw5RQVM0xrV5t40+pLNnn4rtOHdbwyBtzkgB:TNP3RQ/x555+fnn4ESy34gB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a01de0fdd7510ecc99c229df2942254.exe
    "C:\Users\Admin\AppData\Local\Temp\1a01de0fdd7510ecc99c229df2942254.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Users\Admin\AppData\Local\Temp\1a01de0fdd7510ecc99c229df2942254.exe
      C:\Users\Admin\AppData\Local\Temp\1a01de0fdd7510ecc99c229df2942254.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5000

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1a01de0fdd7510ecc99c229df2942254.exe
          Filesize

          385KB

          MD5

          76d6b08fb90afe99cf7a1aeaca143c25

          SHA1

          bf47ae4ed2da086352d19b94a78733c8157f7bdd

          SHA256

          7c1aababb3c4a94de70362aed90893513cbbfe01b5b060e457edb43ac851385a

          SHA512

          fa55091ce1208336bdb0c3050688e6ecb7a6d343bde2498d16b6226b93d26578fae3d644867ffdd01023b75fbfa79ae88137a653bee3c6ef643866a011d141a4

          Download Submit

        • memory/2356-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2356-1-0x0000000001600000-0x0000000001666000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2356-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2356-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/5000-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/5000-16-0x00000000015F0000-0x0000000001656000-memory.dmp

          Filesize

          408KB

          Download

        • memory/5000-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/5000-20-0x0000000004E80000-0x0000000004EDF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/5000-36-0x000000000B600000-0x000000000B63C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/5000-35-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/5000-30-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download