Overview

overview

7

Static

static

3

29756d8bc8...91.exe

windows7-x64

7

29756d8bc8...91.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29756d8bc8de9b2f8db8401489bc0b91.exe

  • Size

    1.9MB

  • MD5

    29756d8bc8de9b2f8db8401489bc0b91

  • SHA1

    035315a4cb54778176778d049a1ea2c4fec87ec9

  • SHA256

    fdab35cf40aadf468efd9e6249147d3d2ccf0f440ed9f630d61546bca8c26049

  • SHA512

    34cd35d151f882eb0c230703674834ac7c2f975a35e644d062aa46204b1f1f5880eb9c9113661490d48d6ef8a0fde1b28f3dbbdd10a87b38ac99aa7e994f4a4f

  • SSDEEP

    49152:Qoa1taC070dtbru/OB8gKg67WWT+XXRcDnK2hUTP:Qoa1taC0kbMf7ORcTK4UT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29756d8bc8de9b2f8db8401489bc0b91.exe
    "C:\Users\Admin\AppData\Local\Temp\29756d8bc8de9b2f8db8401489bc0b91.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Users\Admin\AppData\Local\Temp\8768.tmp
      "C:\Users\Admin\AppData\Local\Temp\8768.tmp" --splashC:\Users\Admin\AppData\Local\Temp\29756d8bc8de9b2f8db8401489bc0b91.exe 47566271CDBA6CD7C971FD13BD1758660D954234B5E937DE9A2A121C9C3F11F8E904C5C9CB4E14AA1C2C0FAAD37E1792DF2B987D359EFEF44E47FF5852DDF36F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8768.tmp
    Filesize

    257KB

    MD5

    6b45a44143c7677bfce674882bf33690

    SHA1

    0769ee079ed76fe97518baac036a04df573b7f91

    SHA256

    41e075af91f37a8cb15123d62ab59e30d6ecc349d9807d2e3937fabd369adf1d

    SHA512

    a005a0faf520263ff6071be7ba3305890dbd5dd0e0f21922d9d36e004262692cf081b13fa959b2251a8e8de7f6b75ff27cba9235a6b2916ad0ae6f7d725335ff

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8768.tmp
    Filesize

    275KB

    MD5

    aa93f20980824621f981987fa94d1149

    SHA1

    cac9cf65e50308e8db025cf5a348b7a56f40bfcc

    SHA256

    6827969bcd884b65e08f0ac8e6a7b3aa99df7c64e5df8ea519510e8dd9e91694

    SHA512

    28dfe47f85473380021a58206e084d935842b1b0ff5c20f76185dc3d79811a08626ffdfe4f472aaedff80b325a4100263889826a00ab97c1f91e2a4d52575836

    Download Submit

  • memory/1504-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2284-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download