Overview

overview

7

Static

static

3

2979b17d6c...c7.exe

windows7-x64

7

2979b17d6c...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2979b17d6cdc30c62ac46c1f2c132ac7.exe

  • Size

    907KB

  • MD5

    2979b17d6cdc30c62ac46c1f2c132ac7

  • SHA1

    7a1fc6d91fbb9bad3e7d68171d73da44dd3c8a84

  • SHA256

    6deedb732a211f2ccc4812aab180e9a19254a82dae22b7aefffb1c546626d8bc

  • SHA512

    03d4a6e3efbc9a62a8e422b396de67d6feea0b304e050326df74aaca204013d76fcc10d149bb3dbabfdbaacfbc4825c6964a08af5292a10315662d7c88ef6dd7

  • SSDEEP

    12288:vJKDfAUidIj8iMZTWAtNANy/1rtdtAo8aGQyk5WGjVDa/ZS1:4D58t3tNAc/htdtr8M3oEa/ZS1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2979b17d6cdc30c62ac46c1f2c132ac7.exe
    "C:\Users\Admin\AppData\Local\Temp\2979b17d6cdc30c62ac46c1f2c132ac7.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Users\Admin\AppData\Local\Temp\2979b17d6cdc30c62ac46c1f2c132ac7.exe
      C:\Users\Admin\AppData\Local\Temp\2979b17d6cdc30c62ac46c1f2c132ac7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2979b17d6cdc30c62ac46c1f2c132ac7.exe
    Filesize

    907KB

    MD5

    52610b4d9d39a3873cdd5c2ddae70c9d

    SHA1

    ade1ab423d0555a061ed191d3c31975b71978b78

    SHA256

    f2ad1db50a3e235dd48eff44cbce1bb878830ad76fa84c82d020beb8e3d6f201

    SHA512

    e139afa2cbc6980997c56b5db9c6c71c8ae579cb5c17cf37a462526a4ab897bf231a5949c6dabb3c58b0683dc23000e15236af5e7b572e6db64b42fef2f1fefb

    Download Submit

  • memory/3724-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3724-14-0x0000000001710000-0x00000000017F8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3724-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/3724-20-0x00000000050C0000-0x000000000517B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/3724-32-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3724-36-0x000000000E8A0000-0x000000000E938000-memory.dmp

    Filesize

    608KB

    Download

  • memory/3896-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3896-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/3896-1-0x0000000001790000-0x0000000001878000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3896-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download