Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30/12/2023, 14:29
General
-
Target
1b762cecae1fe44dcc9df5eaf0389036.exe
-
Size
43KB
-
MD5
1b762cecae1fe44dcc9df5eaf0389036
-
SHA1
0b9044e9b7df40dcce8b9fc92c5a195d8583d3b8
-
SHA256
877fb6547caea48da7edcc8c7b27e342e47a9f17dfaa339a724dd3a91f77b3c5
-
SHA512
89545d81301594195146cceb88b447dd4b2232604b0425ab88f3dff770cc49a2f056296c1041606005f31dac9cb62d0e2236db5ba5c2fa89aa98d3d51c6a1db1
-
SSDEEP
768:W3kPRtziOk081Kxhobg7rbQX+ugYjKmBvbZ6TJfr/RQT8vIPe4MCEAT6+ZO:jAOh8sxig7rbjzgjcBRJuDjtm+ZO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b762cecae1fe44dcc9df5eaf0389036.exe"C:\Users\Admin\AppData\Local\Temp\1b762cecae1fe44dcc9df5eaf0389036.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\pmzilqnq\xqdovgfw.exeC:\ProgramData\pmzilqnq\xqdovgfw.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe/c del /f C:\Users\Admin\AppData\Local\Temp\1B762C~1.EXE.bak >> NUL2⤵
- Deletes itself
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
43KB
MD51b762cecae1fe44dcc9df5eaf0389036
SHA10b9044e9b7df40dcce8b9fc92c5a195d8583d3b8
SHA256877fb6547caea48da7edcc8c7b27e342e47a9f17dfaa339a724dd3a91f77b3c5
SHA51289545d81301594195146cceb88b447dd4b2232604b0425ab88f3dff770cc49a2f056296c1041606005f31dac9cb62d0e2236db5ba5c2fa89aa98d3d51c6a1db1