Overview

overview

7

Static

static

3

256eb4b14b...a8.exe

windows7-x64

7

256eb4b14b...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    256eb4b14bc2771b6a399a8ea0f22aa8.exe

  • Size

    1.9MB

  • MD5

    256eb4b14bc2771b6a399a8ea0f22aa8

  • SHA1

    fd7a738c862bfe4bac3a95270e37c00da273f2f3

  • SHA256

    84ae450ebdefc306b657e1ea21a01156558c58e3d8b474e24f11c9ff76f4d954

  • SHA512

    d3ca840e980ccf59cdacd2d156cd627fa5f400249e9f17e15a36507e4c2e3db4cc7c1f5a2284d062e08ccb3d1e4bf53c46514ed63646bd1893618d01c7f9add4

  • SSDEEP

    49152:Qoa1taC070d91v8/U/5yoqH0SPrasyMO5Dhl+JY+:Qoa1taC0b/M5bSzXz+hAl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\256eb4b14bc2771b6a399a8ea0f22aa8.exe
    "C:\Users\Admin\AppData\Local\Temp\256eb4b14bc2771b6a399a8ea0f22aa8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Users\Admin\AppData\Local\Temp\9BE2.tmp
      "C:\Users\Admin\AppData\Local\Temp\9BE2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\256eb4b14bc2771b6a399a8ea0f22aa8.exe FD8189CB4CD8E95C1143996D6076D0D2F8462341C541ED9B523AB03209F4B91F2568307342C9A647E79CBD75F70BBA319264143EECCB46764735C22A233EA768
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9BE2.tmp
    Filesize

    1.9MB

    MD5

    a3321fdb89d87802f316e57a2323f3a1

    SHA1

    42a4e0a42b1e43a8da995bd4c580596d17890da3

    SHA256

    695998739465a407bd6d84e1c6985639248d6ee700062f34479ad585d4261235

    SHA512

    deadd27a2a11490e64287623e648845c3f95d64468c913d36543fbd1eb47362a747e60dc1d4ed5886114d0025abcd524d2a2b460f7656454418b563f6dbdeb54

    Download Submit

  • memory/2032-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3040-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download