Overview

overview

7

Static

static

3

2b78b6e57d...3a.exe

windows7-x64

7

2b78b6e57d...3a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 06:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b78b6e57deac7ab08573bb6640bc83a.exe

  • Size

    1.9MB

  • MD5

    2b78b6e57deac7ab08573bb6640bc83a

  • SHA1

    7ead000ad0fb648b02ea98323ab70a5501170dd0

  • SHA256

    850e3c2a050b7bf6ca6f2e5a0ebde92e8665f370c25aa5da902803dd502d21fc

  • SHA512

    ab700b6e06831dee92c52a33b29f3db7efbee5237315a612213fdbf79479c129d3438dcea2c2bc7c1d8dfae4dcca90c94c23cedb24cf7068eebb9afa6a944fca

  • SSDEEP

    49152:Qoa1taC070d5H2D0RCYtGjgZDVjP4iwyySp6S:Qoa1taC0GHaw7agZRjfySp6S

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b78b6e57deac7ab08573bb6640bc83a.exe
    "C:\Users\Admin\AppData\Local\Temp\2b78b6e57deac7ab08573bb6640bc83a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\14F7.tmp
      "C:\Users\Admin\AppData\Local\Temp\14F7.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2b78b6e57deac7ab08573bb6640bc83a.exe DF8D0B7CA1BE28EA52A494358E69EFF0A4B56342A5518BF0C328AD092A9027FFF439F90CFDA936EC04C1FE92C8DAD5C46522C667654DC68191BF9E7F4481352A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\14F7.tmp
    Filesize

    115KB

    MD5

    d3114ed9d47667588d44af946513962c

    SHA1

    d9030daeccbc842d695555655a8393d58115e6cc

    SHA256

    bcbea1862a4e54e1fd5763c4f3a4e15bb0b1f0d242c1baa7dd473e1895b1a8d4

    SHA512

    f96ed24e95a5291aafa6974c517d9ef3a25c32eac473fb5541639d1c04fae4ac2e3a6b370956ab0ad66f738ad72bc459ecd3bb8992a54f82376d41852ef44181

    Download Submit

  • \Users\Admin\AppData\Local\Temp\14F7.tmp
    Filesize

    1024KB

    MD5

    f2072ec1828fcf2e425c5f159d17a783

    SHA1

    a447e59b4f3f844989714786675a32c609977dc8

    SHA256

    403d946696df01b469b6074338b2a3ca336ecbe60799e7ba17a7946226f0fae1

    SHA512

    e1dabac047e4b594b1180af58e21327c8731f53f3c289f1f392209fa359aae37cf0d2390b5d05553d064ab8ba4741f7a5acdd61e665cd99038e6abdc5b98501b

    Download Submit

  • memory/2148-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2264-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download