Overview

overview

7

Static

static

3

24a4b75ea0...c4.exe

windows7-x64

7

24a4b75ea0...c4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24a4b75ea07b5938f69431266a3231c4.exe

  • Size

    84KB

  • MD5

    24a4b75ea07b5938f69431266a3231c4

  • SHA1

    3424b65c200cd6b94503bd9e549e6ba3834ba009

  • SHA256

    24acf88b90ef33740265c252d0c7b364782e9612a626807c2c0c0b26fe8070fc

  • SHA512

    14b6f9ee86ccbb9f3d59fba7ba98bd6c50d92dcf6e774613de3fe79dc7b1f80d0481de65b9ea84ca7d74c9ba7a8a2df8b6d477f8a826b718461b9132a3192eb7

  • SSDEEP

    1536:jW7uk7MwJNF5CVzAu/+7CJ1Gmpx7kfNZ+gz0lvkgz5t3X05Hz0HI1Udw+XUn:K7ukH80S+7wvqNZwsSnXoWiUS+XUn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24a4b75ea07b5938f69431266a3231c4.exe
    "C:\Users\Admin\AppData\Local\Temp\24a4b75ea07b5938f69431266a3231c4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Users\Admin\AppData\Local\Temp\24a4b75ea07b5938f69431266a3231c4.exe
      C:\Users\Admin\AppData\Local\Temp\24a4b75ea07b5938f69431266a3231c4.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\24a4b75ea07b5938f69431266a3231c4.exe
    Filesize

    84KB

    MD5

    48de3d17b1c5446c5776774ef1254d69

    SHA1

    68e02c5db50ebcc175b1820eb0085d50aa243903

    SHA256

    ce4d6d1cac50111ab27d5ae40d682d3617ca8f13c92819710775966a25e38879

    SHA512

    83c42902de422b2d34543c1692c8d0b9bd3ce3003cb516228377668d5df3de646f22dda21c1e1e817b227558ad86538d68b87e72b0d0002c9d993fd4ee6db85b

    Download Submit

  • memory/2720-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2720-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2720-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2720-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2720-12-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2748-17-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2748-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2748-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download