Overview

overview

7

Static

static

3

248f83cf37...ae.exe

windows7-x64

7

248f83cf37...ae.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 02:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    248f83cf374d56d59cfdba8691e2c9ae.exe

  • Size

    84KB

  • MD5

    248f83cf374d56d59cfdba8691e2c9ae

  • SHA1

    0f7e173da867f2c97fb35a81314e6a5982a5b477

  • SHA256

    529d113d4b046ca0f9cfb851d688d5645211ac037a87c454f0eb9f29e355d241

  • SHA512

    9df50af46048757023ebc8291c562cc32bdb6ac58246e5783318e62f93f5411e06a10e6f9cdf3294429068083e6b20c7f480c8828282ccfd78a4ca337d06b114

  • SSDEEP

    1536:iNk9tlFNzm2X3D5/I+jzLAmv6zM6HpgXMgkR7A6bBaqf+poKuLXgL9q:igtc2HF/PPAjH66kKN0ewRq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\248f83cf374d56d59cfdba8691e2c9ae.exe
    "C:\Users\Admin\AppData\Local\Temp\248f83cf374d56d59cfdba8691e2c9ae.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\248f83cf374d56d59cfdba8691e2c9ae.exe
      C:\Users\Admin\AppData\Local\Temp\248f83cf374d56d59cfdba8691e2c9ae.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\248f83cf374d56d59cfdba8691e2c9ae.exe
    Filesize

    84KB

    MD5

    5ac0189eaf4c9a63fbab251fc629768e

    SHA1

    14f5ad85878127e6cbedb43de7383f22ad53baa4

    SHA256

    347f4d46b0824393824b6613fcd0dee90ea7ca09e67a9060abb25d1d94c802ed

    SHA512

    c787e4f43d98c0f2ecd0d4dd165a8c78333d5e4a5a9870a9f8c933b3e0a99356e42e1170b78a32b3a183c3b394eecfe05aae1dcdf3b9a22c166e8ecefc0eb090

    Download Submit

  • memory/1968-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1968-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1968-6-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1968-12-0x00000000003B0000-0x00000000003DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1968-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2216-19-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2216-28-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2216-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.