Overview

overview

7

Static

static

3

2469937455...1c.exe

windows7-x64

7

2469937455...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24699374553af5de2ce23039dcea391c.exe

  • Size

    550KB

  • MD5

    24699374553af5de2ce23039dcea391c

  • SHA1

    d02bb19a0802fe3551abe43e0f68cb6c9f9d4c8e

  • SHA256

    e91b49f52e95dbe9396117dfbfa37e27646ff98986adba5beba29a34c9273a68

  • SHA512

    0ea577bef7476b05633c17d4f69a91547791b10d876732bd8000ba59d41c603706906b37b6948153b4c42498071cf32e0dedad325ab2d64718fb7f57e587af2d

  • SSDEEP

    12288:MLry/neyx7f/A64j7PV/Fjh8UxwD9KIL4Ys9c:qKeyxTAJj7PV/JhzCDoIL4Y3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24699374553af5de2ce23039dcea391c.exe
    "C:\Users\Admin\AppData\Local\Temp\24699374553af5de2ce23039dcea391c.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Program Files (x86)\nzftfo\hgla.exe
      "C:\Program Files (x86)\nzftfo\hgla.exe"
      2⤵
      • Executes dropped EXE
      PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\nzftfo\hgla.exe
    Filesize

    87KB

    MD5

    7052ddb37be7b69d2d66a9336843d15d

    SHA1

    9b5bdf60192cc6ac2014597b8975d869477d0a2b

    SHA256

    d271e75dd3d86ed3362a97f297055129f60dc8fdf1d911c6c26a4d4017a8afc7

    SHA512

    fcd4520860dff95de0ddafa21c947d7342df1961371aae13880f4e1306862f48627ab2fb849f39ff870996af520d3033b923aa37130cabf98feb69cbe793f527

    Download Submit

  • memory/2492-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2492-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2492-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4376-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4376-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4376-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download