Overview

overview

7

Static

static

3

2c70e01a98...88.exe

windows7-x64

7

2c70e01a98...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 06:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c70e01a98fdc3acc0e7b11e17109188.exe

  • Size

    1.9MB

  • MD5

    2c70e01a98fdc3acc0e7b11e17109188

  • SHA1

    a0f25424f1edd051f52fc5cf5e06a9867ac0efb2

  • SHA256

    44fa14f60642583a09a2cb4dfb6c9c6c4138748b5bc9f7812bcf412075b97865

  • SHA512

    59c9538280e9e53438abbf7728bb5739c37ad333084a310f0625603ec8e2fa293885facbda5369b2ba3222b991e4c9603aa4e7cdf5bb826548467cc7114b5510

  • SSDEEP

    49152:Qoa1taC070de4vz1Ss+dZVM6+CQQkCpBUoAK:Qoa1taC0B21kJMLQdBvh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c70e01a98fdc3acc0e7b11e17109188.exe
    "C:\Users\Admin\AppData\Local\Temp\2c70e01a98fdc3acc0e7b11e17109188.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Users\Admin\AppData\Local\Temp\1084.tmp
      "C:\Users\Admin\AppData\Local\Temp\1084.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2c70e01a98fdc3acc0e7b11e17109188.exe 88AED3240090FE0639D9A51F31D526B68AAB7FD3AF68DE5BC46EF2CB6E6705D9AFAC3C98841B1E7304CAAFC7CD0AE4CCF9022F0EFA5F20DF93AF1D1815F4DEDC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1084.tmp
    Filesize

    95KB

    MD5

    c9ed7a130df6a04e47d89dfea27dc050

    SHA1

    c6b55581ddfff0f261435101770a109a526db695

    SHA256

    c7029d48f8b1bd1483fc164677ffee0add3ffa7a481a6c8812ef863ea084e7e4

    SHA512

    3a9317abb5f5deb7bde35596625631592ead243ba6a85fa84ce38c007ab833adf9ba148c60a46516695f0be78ca8a998a758b9f3598714860d5032b76910d430

    Download Submit

  • memory/1908-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2248-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download