Overview

overview

7

Static

static

1

1c281e1b97...51.exe

windows7-x64

7

1c281e1b97...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c281e1b970db0b214ae69e5987bfb51.exe

  • Size

    5.9MB

  • MD5

    1c281e1b970db0b214ae69e5987bfb51

  • SHA1

    cc08011196ba57eb8afe09d04cd51fd66c86fe2b

  • SHA256

    12aab05a9ffa10102ab152bba8ff64f884d423d975417168420768530aa4c8df

  • SHA512

    55a73c8fe6cb02eeda4f5f17c741b03e9be6e9dc117d99c1bb783387ca46d985908d1e6862cdfbca3e9202cad09037f193085ab58874f4421535aaeccf5d47b0

  • SSDEEP

    98304:xDaJjqao1SJZxTBTBbEA4eWauPBuFlP9COdUOYT58xX+3U9xKjAa08yJa20JuQAT:0qa8YbjfaPaHA5yYQ4jLtyJH0Mt9x3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c281e1b970db0b214ae69e5987bfb51.exe
    "C:\Users\Admin\AppData\Local\Temp\1c281e1b970db0b214ae69e5987bfb51.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Users\Admin\AppData\Local\Temp\is-BHAP3.tmp\1c281e1b970db0b214ae69e5987bfb51.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BHAP3.tmp\1c281e1b970db0b214ae69e5987bfb51.tmp" /SL5="$80050,5675159,115200,C:\Users\Admin\AppData\Local\Temp\1c281e1b970db0b214ae69e5987bfb51.exe"
      2⤵
      • Executes dropped EXE
      PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-BHAP3.tmp\1c281e1b970db0b214ae69e5987bfb51.tmp
    Filesize

    1.1MB

    MD5

    cbb47e65d30c1e2168d93c6342228ec6

    SHA1

    71256207e7a47fdc117521c151c018fd2c02f4e5

    SHA256

    a6879f2ba1f5f99e13d9d8948aca3c84461716b6b497560f8517690bce66948a

    SHA512

    1e427d40a92d89ea17b74f1e7bcc29189b5a6e4d127b6d6b146bd2030bc155ed60798322364f27a8a334254e7658dfccc5b252241eea0783b447b9f3e529de64

    Download Submit

  • memory/1520-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1520-14-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3380-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3380-13-0x0000000000400000-0x000000000052A000-memory.dmp

    Filesize

    1.2MB

    Download