Overview

overview

7

Static

static

3

295639368f...51.exe

windows7-x64

7

295639368f...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 05:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    295639368f14a46c46d0d08b67432251.exe

  • Size

    57KB

  • MD5

    295639368f14a46c46d0d08b67432251

  • SHA1

    f216114038cb77467f9208f9e7ddcef62de1d18a

  • SHA256

    e57502f73a854395ea371e04650f7bfbf6775e2642702e86803e9dcdb72b9b42

  • SHA512

    3cd41e11c84bef6451e210be00a0cb0701ef300c192c2f79813eb8272d18866a44ad8eb4fc6c26f4e19d3cb13c3c43608dd5cde6dac5a3a0e52088e9c62a489f

  • SSDEEP

    1536:AOJay3fqwEPrvtIm22Q2cAGhLAzciZxH9YoSC/VhDeCW:AOAAiwuY/AeLMvZxHeC/HDe7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\295639368f14a46c46d0d08b67432251.exe
    "C:\Users\Admin\AppData\Local\Temp\295639368f14a46c46d0d08b67432251.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\295639368f14a46c46d0d08b67432251.exe
      C:\Users\Admin\AppData\Local\Temp\295639368f14a46c46d0d08b67432251.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\295639368f14a46c46d0d08b67432251.exe
    Filesize

    57KB

    MD5

    4babad92f34a023b76e9b999a27fac18

    SHA1

    6f8bf8e6a99168fc8f8e44d3d9a865c679366cf4

    SHA256

    4dc5249b2b90059ea3ed5578121db1c7e60b2dc7190c11460c9f8c169801fbf1

    SHA512

    9aaa4cea2ca3ca70092d637d41857f8bc51849583f89b2e7ea108dc66d4c0469c4a6ebe066197ef5f8df9d213b7faef3cb7c2c2c3f37a5530ca5192cc9e84f6e

    Download Submit

  • memory/2168-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2168-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2168-7-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2168-12-0x0000000000180000-0x00000000001AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2168-16-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2684-22-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2684-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2684-28-0x0000000000190000-0x00000000001AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2684-27-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2684-29-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download