Overview

overview

7

Static

static

3

214993fe4f...60.exe

windows7-x64

7

214993fe4f...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 00:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    214993fe4f2569e868a493c5fa6e9460.exe

  • Size

    82KB

  • MD5

    214993fe4f2569e868a493c5fa6e9460

  • SHA1

    a6dff6d74a5ba6f47c258c9ece86625148ef55ef

  • SHA256

    b09e52dd4f06cfc220c533fcec6a3e1a8338a8034dbbb51b61bd25acb6dd229a

  • SHA512

    7c13f23c2177af3084e0b74a5a9d4eba5aaaee291ef60792137bffee56825636d75de77b5108f7b49be98e853b525f0eed71023a35694685e8e01d07931a39f5

  • SSDEEP

    1536:w7xt2rlIhdjPI7ucCd8Dlok+3QkFbMFIbdtXrDma8dUTZJ86:wFt2rWIzE8JMSItXrSaHI6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\214993fe4f2569e868a493c5fa6e9460.exe
    "C:\Users\Admin\AppData\Local\Temp\214993fe4f2569e868a493c5fa6e9460.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3724
    • C:\Users\Admin\AppData\Local\Temp\214993fe4f2569e868a493c5fa6e9460.exe
      C:\Users\Admin\AppData\Local\Temp\214993fe4f2569e868a493c5fa6e9460.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5084

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\214993fe4f2569e868a493c5fa6e9460.exe
          Filesize

          82KB

          MD5

          2c4f005930728c7f821962d8acce0d1e

          SHA1

          ba434b4658cc594522a28136ae1ab1b962c2970f

          SHA256

          694075be92e09738197a165d7363c90ba340de9b4c119e708e6a5c14ccc01058

          SHA512

          4a739b4b33a1e1f185d8fd7a65dbf8de1258564e9d468ee4364c775e34198ea16897bdc70aa399cbf8468dab2fb876182df01f707b9722deb0a745ed320ffc0b

          Download Submit

        • memory/3724-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3724-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3724-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3724-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/5084-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/5084-14-0x00000000000E0000-0x000000000010F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/5084-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/5084-24-0x00000000025B0000-0x00000000025CB000-memory.dmp

          Filesize

          108KB

          Download