Overview

overview

7

Static

static

3

2bd10174dd...66.exe

windows7-x64

7

2bd10174dd...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bd10174dd79fcca80fcd765c2bc0a66.exe

  • Size

    3.3MB

  • MD5

    2bd10174dd79fcca80fcd765c2bc0a66

  • SHA1

    18cf3da16fba8b400c4bffb9584af6b163c06ecf

  • SHA256

    86a5d8a8c2c53caccf4935c8224627ff47e26262223fe3e353802134c5a7c826

  • SHA512

    11e3c9a0038e6fee9436cb7f3ac34d2f8067c1cfaf06b40ccefb9c7ac3c24bda210bd2fdd56acdc45a769140ea04027b238aa55c567d7eddba8340ef356602cd

  • SSDEEP

    98304:QkMF6n7tWlMjWJF2shnqKpNv6c3sXAlk2O:PMF6nAMjkRzv6cQXr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
    "C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
      C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
    Filesize

    161KB

    MD5

    51113737c1d390304778abe12a38363f

    SHA1

    be83252b7e33d253df6f68facd560b477e20f13f

    SHA256

    29944662b2ee2a38092c1c87206a0442500429702aa2522c0bfe56a52f7ffae5

    SHA512

    4693b9a9539445ad4409e4c186c96ce406883a8e1cc4110734b0cb3c632edfd43e4de10e1d32f653b153e583b790ec4e73a7617f90951085b5e4916372818183

    Download Submit

  • memory/2104-14-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2104-15-0x0000000001D50000-0x00000000021C7000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2104-13-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2104-20-0x00000000059B0000-0x0000000005BFD000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2104-21-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4408-0-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/4408-2-0x0000000001CE0000-0x0000000002157000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/4408-1-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4408-12-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download