Overview

overview

7

Static

static

3

252f0ac8aa...5b.exe

windows7-x64

7

252f0ac8aa...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    252f0ac8aae0a181687071ddced16f5b.exe

  • Size

    1.9MB

  • MD5

    252f0ac8aae0a181687071ddced16f5b

  • SHA1

    1d0ccce773c19ac9676e8eea38e8406a4062ad90

  • SHA256

    8f8485910d7aa27d1449a6457726b467149136f71b2ba0f307e6c00eab672d50

  • SHA512

    678f040083c6bb96e2341e2f096e75a12be7e01938f17bf9f80e8a0adb5b5d1bc4dab0cde80715e55edc3525c7714204d20574a79167c079500f4df1f48c5b2b

  • SSDEEP

    49152:Qoa1taC070dpM6k2b2QvFHswF0iNnDsklCAXNq75:Qoa1taC06Mv2aQXJNBdq1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\252f0ac8aae0a181687071ddced16f5b.exe
    "C:\Users\Admin\AppData\Local\Temp\252f0ac8aae0a181687071ddced16f5b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\9CF.tmp
      "C:\Users\Admin\AppData\Local\Temp\9CF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\252f0ac8aae0a181687071ddced16f5b.exe B90FCCF8FD56BC03A67DF4B2E55E72F768C965A259BA9E56BCA0DC2E273B5D72620CB88D0F98BBC9B8AB5AFB62545102125D610FF54ECA3938D76D7B91F7E307
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9CF.tmp
    Filesize

    1.9MB

    MD5

    538d563f1ad28353533e6bb9131d4b45

    SHA1

    aaee4fbdc1966722629c9d00466da752e2944d7d

    SHA256

    e1ae61a0c77fccd2cd7369cc59bcad0db1293e5550d781e66dc8d91e0fd9e62b

    SHA512

    f32ea5403d4d1cc50298bca08b50cf58db8da821992bf68eff113bc62fc45424b7c304fac6b9dd5548eace46d5a91553cc4b216643d886ac71f9aee6ad856a62

    Download Submit

  • memory/2268-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3172-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download