Overview

overview

10

Static

static

10

035a9ecb8f...a2.exe

windows7-x64

7

035a9ecb8f...a2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 12:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    035a9ecb8fe641f09ad28cf3781b29a2.exe

  • Size

    105KB

  • MD5

    035a9ecb8fe641f09ad28cf3781b29a2

  • SHA1

    d057243ccc4fe78387926d017601db4086e5741f

  • SHA256

    d9e87b1a36e9ba9323f3f06bfaad1e9a539afb2c1c830e664c2a9ae4673a12eb

  • SHA512

    e33a95012543a2340af608d63004a694ee9a88af3ee18398dfc28b3ab3fdf1bd4ebbcfe206f6a7e1d561e1058c95b02641d32c06b1dba0fa29b6fd0585503d4f

  • SSDEEP

    1536:3CqlwmQeLWzCAt9kqqYsQEuWLvtW/hBYLpFHSBGrE/SrRVcc:bXqbsnuW4JBWp1SgoKfcc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\winwm.exe
    C:\Windows\winwm.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:2220
  • C:\Users\Admin\AppData\Local\Temp\035a9ecb8fe641f09ad28cf3781b29a2.exe
    "C:\Users\Admin\AppData\Local\Temp\035a9ecb8fe641f09ad28cf3781b29a2.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads