Analysis

  • max time kernel
    117s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-12-2023 03:54

General

  • Target

    27180d2471f97c97d9cdd21127fc2ea1.exe

  • Size

    704KB

  • MD5

    27180d2471f97c97d9cdd21127fc2ea1

  • SHA1

    b90804e24df1165d95f555cae673dad91a6e9855

  • SHA256

    d6a77aa17001ec845ad537555f2b82b91cb4c76f65933ac5735ce223e303ef35

  • SHA512

    b4885643e156b8a4016cb714959ec059a62bc7dd8bf8b716f27eb2fb4c1e3ab5299e8ff72c3cb94709707d1fa49a51881c70bf632c6f318437b3c595cc8d15ee

  • SSDEEP

    12288:0T+WNwbGiZ2QWABE++JIUcebBk/PncyFYfVV6Y3SKJLZmX1:0TEbjlWABKceCTFc9LZmX1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27180d2471f97c97d9cdd21127fc2ea1.exe
    "C:\Users\Admin\AppData\Local\Temp\27180d2471f97c97d9cdd21127fc2ea1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\64DB.tmp
      "C:\Users\Admin\AppData\Local\Temp\64DB.tmp"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2592

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\64DB.tmp

    Filesize

    704KB

    MD5

    5200c5af076a469d26b7991d8de45b54

    SHA1

    5989ea2c462ab8d5f8a8e993aa38a2ac74546b40

    SHA256

    e35d448dc7f33026de9b67557e7c06591b995a305470ca1d0451b70805f0126b

    SHA512

    0b9f2fd08c0db8b299f4836a34855881d22bea758578c6122e782a9e1d87a2d6b3b6d5dcfb89f74d0df7165311dada9d089fa57260ad1cc75752cb89573b3dad