Overview

overview

7

Static

static

3

24852ba8f2...1f.exe

windows7-x64

1

24852ba8f2...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24852ba8f2d0ddccfa1ee6aa0f6d0e1f.exe

  • Size

    22KB

  • MD5

    24852ba8f2d0ddccfa1ee6aa0f6d0e1f

  • SHA1

    d5433ddd108c0c697e8cebffb3e485b230a293ac

  • SHA256

    aa4726cc4242b0cce996f0cae00f05df712601513343d042f8760f736e4f1932

  • SHA512

    4121fe420ccb88b69100e25e685a50c9312d0e0fcbc2c70d4c0cd64462ad9d8f2d7fcfbf40eb83602c71b5fd41075934167ff3d0fe6197d5d4df32a108f229af

  • SSDEEP

    384:GWH0C2vDWRXhNnK612+9MWvPteE+d3VdKgHeSzdYKWke0yR74CCAklrqwF8/2snY:iC26nNNYLvKgHxwZ+CCHYwFpsnTbgtF7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\alitin.exe
    C:\Windows\system32\alitin.exe
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    PID:2668
  • C:\Users\Admin\AppData\Local\Temp\24852ba8f2d0ddccfa1ee6aa0f6d0e1f.exe
    "C:\Users\Admin\AppData\Local\Temp\24852ba8f2d0ddccfa1ee6aa0f6d0e1f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2668-11-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2668-13-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2668-12-0x0000000000640000-0x0000000000680000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3136-0-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3136-2-0x0000000002160000-0x0000000002161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3136-1-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3136-9-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download