Overview

overview

7

Static

static

3

2d4a473547...94.exe

windows7-x64

7

2d4a473547...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 07:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2d4a47354738721ad8ecb57bc9415194.exe

  • Size

    1.1MB

  • MD5

    2d4a47354738721ad8ecb57bc9415194

  • SHA1

    0ebe54742f25725911d120870a13c2e961fca8cc

  • SHA256

    b28d0fdef9637f306559d35c844379eaf4f29077ed4b214f327a34762ebb4f8a

  • SHA512

    cf42a839c60fed0e51bbde79d16505034e74044fe0946d2bb2abab3251eaccf530a02af8ceed5fe29691b5e54bd8951224e1dc918df1f4eb9d18926f14ca4909

  • SSDEEP

    24576:SypW9SgLNZaOdcTMuUvxIgrsiUI3Kd8Vg706XJSy8Bzz4pA25FRn:St9SgLNZa6xIOsiURd8kdYy8Bz4Oc7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d4a47354738721ad8ecb57bc9415194.exe
    "C:\Users\Admin\AppData\Local\Temp\2d4a47354738721ad8ecb57bc9415194.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Users\Admin\AppData\Local\Temp\7945.tmp
      "C:\Users\Admin\AppData\Local\Temp\7945.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2d4a47354738721ad8ecb57bc9415194.exe D4FFC99A1C45EDED860B7113021321196849422770E9610D4F904B46C44782354AE2AC403CF2B378FF8D6EB2A1F1E6C098CC2A5286163B6362CDC2108B932619
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2480

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7945.tmp
          Filesize

          565KB

          MD5

          0550a31afedfc03241cd8850fada0e7e

          SHA1

          63183b04537c504bea0aaba2a109955bd11bd965

          SHA256

          0f2befcf8758ef0452da78240db7d2547fa2923ec12ed0a6fcd74e9ecd5a3628

          SHA512

          449d754c116a280aa014cfaaf43d3e1854296ae06d638d42fee5229bbded8fa97385a22c53e9712353eb06ec77b128604142c2390d09a75cf6464d12919c283b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\7945.tmp
          Filesize

          1.1MB

          MD5

          dbabdd7d1e90e082f35c065c9cfc88c8

          SHA1

          bc0357355e47a27b1ebd6cce46a03b49452dc786

          SHA256

          f22f6a3b35a8f779b72076865d50438150d87b0bb9f3ede86f1bb371b2c67901

          SHA512

          204aae078ae8cc56c451e61bf66107da336c31db6145bd6e8fc36bd754eff0923ee2ae7b1c3d704b08b24f803ff788a89fe6e93196a965d49ad0b79ce8b3e03e

          Download Submit

        • memory/1476-0-0x00000000001B0000-0x0000000000200000-memory.dmp

          Filesize

          320KB

          Download

        • memory/1476-1-0x0000000000950000-0x0000000000A95000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1476-8-0x00000000001B0000-0x0000000000200000-memory.dmp

          Filesize

          320KB

          Download

        • memory/2480-10-0x0000000000130000-0x0000000000180000-memory.dmp

          Filesize

          320KB

          Download

        • memory/2480-9-0x0000000000E20000-0x0000000000F65000-memory.dmp

          Filesize

          1.3MB

          Download