Overview

overview

7

Static

static

1

213bfff90f...b3.exe

windows7-x64

7

213bfff90f...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    213bfff90fd4ce5c16f9296ad3f2a8b3.exe

  • Size

    955KB

  • MD5

    213bfff90fd4ce5c16f9296ad3f2a8b3

  • SHA1

    aa263d8c75e75ec7017fd965136850d93c04e865

  • SHA256

    055eee7aea85c7634cd7c6c250f246d46eea788778b0c4b516591063c27bbf46

  • SHA512

    612b55dd62a9e1f67f356bb3c9801fc14de683dccbfd3e18180ead5a1ad380b886e549694ef607732bbd1a3ce9ba824dc36b329c468a7d132d8afdd6e4de8f4a

  • SSDEEP

    24576:sv+MKaA19WFmO+vCZx2tPmHWs/wkMnwG/uUOVTRh29s:sWj19MmOyCyJmH7/w1nOVTJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\213bfff90fd4ce5c16f9296ad3f2a8b3.exe
    "C:\Users\Admin\AppData\Local\Temp\213bfff90fd4ce5c16f9296ad3f2a8b3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4312
    • C:\Users\Admin\AppData\Local\Temp\is-P09HM.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-P09HM.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp" /SL5="$A0066,695665,81408,C:\Users\Admin\AppData\Local\Temp\213bfff90fd4ce5c16f9296ad3f2a8b3.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Users\Admin\AppData\Local\Temp\is-MGTP3.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-MGTP3.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp" /SL5="$C004E,56149,54272,C:\Users\Admin\AppData\Local\Temp\is-P09HM.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp" /SL5="$A0066,695665,81408,C:\Users\Admin\AppData\Local\Temp\213bfff90fd4ce5c16f9296ad3f2a8b3.exe"
        3⤵
        • Executes dropped EXE
        PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-MGTP3.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp
    Filesize

    692KB

    MD5

    7415710f1846e7249d4bc4d85295eff1

    SHA1

    36c8cd5a3e3a49d39dbe57271766a105a2ed7ce7

    SHA256

    50827efcb07e93c17f471a2ef87a104dc1596f19334ebc77180fe08ae55e383a

    SHA512

    8b79191758ad654e9e080efa608139355c14494dcc2a1350bb7d0912baa834f434f9236e627ce939d4c187cd3d3a2719e67b8d6fc4a098c6a38b37c10eb95a3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-P09HM.tmp\213bfff90fd4ce5c16f9296ad3f2a8b3.tmp
    Filesize

    292KB

    MD5

    d0e54e9c7cea8eb2e371077261a645c9

    SHA1

    ea5f3078ea07c5009fca54b8b9930f21c364e006

    SHA256

    4c3ce6ce98c04346e046de8efb303c85d8e4f30bb8406efdd880476660f2550d

    SHA512

    a119ecef15e6c84bd6664dfb6df618e5194b3385c0381ea5825739755ab633e8d1f1cdcfaa5848a66a1d670cd37a8955ef5ea6a92de7285e21a35e1821af3eff

    Download Submit

  • memory/2224-7-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2224-20-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2416-13-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2416-21-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

    Download

  • memory/2416-25-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4312-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4312-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4312-19-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download