Overview

overview

7

Static

static

3

272ca9eb07...46.exe

windows7-x64

7

272ca9eb07...46.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    272ca9eb074c8df57aefdde7011f3646.exe

  • Size

    57KB

  • MD5

    272ca9eb074c8df57aefdde7011f3646

  • SHA1

    bd747422c291f78c2ac69608d894be187312eb05

  • SHA256

    1a6eb9c82e8fd9dc110d1c7619f2f8bdbf78702a9004af34a1cfa1918dbc128b

  • SHA512

    08f7577e57e201f779150b9a7f03f6a43e66c3353b919aee4076f26381196f7b7372e0d911460b3acafa80aa9187dc660eaf66c73b651ef8fe925ed459783d57

  • SSDEEP

    1536:qP/wE3waVsOBoC19E0n7S7OhtwKvNa05NF2ezh:qHwtO6CxWiheyZ57X

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\272ca9eb074c8df57aefdde7011f3646.exe
    "C:\Users\Admin\AppData\Local\Temp\272ca9eb074c8df57aefdde7011f3646.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Users\Admin\AppData\Local\Temp\272ca9eb074c8df57aefdde7011f3646.exe
      C:\Users\Admin\AppData\Local\Temp\272ca9eb074c8df57aefdde7011f3646.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\272ca9eb074c8df57aefdde7011f3646.exe
    Filesize

    41KB

    MD5

    1096d7b957756bdf8390359afaa92e31

    SHA1

    271e8308f75e7b641cf9c496ece07addd732e36a

    SHA256

    1d6b0df31b0cb395d4db18e8798576bb5007ffc0a90fea0a12aaab0cde5985b1

    SHA512

    a07f5ca75b5c7731a55c0792fbd88f8081c1283cdb1c6285d61fe5b1af2d5bc8efc989d36332dba65a9fc62b60e1edbedaabc5449b5acda9ca926e73851a6d54

    Download Submit

  • memory/3052-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-25-0x00000000014D0000-0x00000000014EB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3052-18-0x0000000000190000-0x00000000001BC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3052-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3052-26-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4824-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4824-1-0x00000000000E0000-0x000000000010C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4824-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4824-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download