Overview

overview

7

Static

static

3

38c58bedb5...9d.exe

windows7-x64

7

38c58bedb5...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38c58bedb500054dbe848e7bbc76d69d.exe

  • Size

    385KB

  • MD5

    38c58bedb500054dbe848e7bbc76d69d

  • SHA1

    db50f2524d8ff56cc36c219f088c4c2e6245db98

  • SHA256

    b05fe4dfae0e633e761b382240d2755e5c59f26a0d8653f7fbaf1e20536f800a

  • SHA512

    66b6b27a21cfa0162050cdec16a5ce50d787789c98102281436c79d9d5c9fc942737d5523252ecfd56f050c35b75e71e3c73da2f825829de21a88da379d131ef

  • SSDEEP

    6144:yH3/qbaGmNHD8KSWnhtRd6DBVd5uxByGDEdoLFSH/1xLh5heDcp5QPbB:i3ybaGmNjPXRqVdE/sOAh3UPbB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38c58bedb500054dbe848e7bbc76d69d.exe
    "C:\Users\Admin\AppData\Local\Temp\38c58bedb500054dbe848e7bbc76d69d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Users\Admin\AppData\Local\Temp\38c58bedb500054dbe848e7bbc76d69d.exe
      C:\Users\Admin\AppData\Local\Temp\38c58bedb500054dbe848e7bbc76d69d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\38c58bedb500054dbe848e7bbc76d69d.exe
    Filesize

    385KB

    MD5

    fb0bc4e46f3bd7505cac1e6029dff153

    SHA1

    4da9506b1e7724c865b90d109ecacc56595371b3

    SHA256

    6a0d7018684de6e18fe5ee20801bf8f71133830f866d0ca3522a2417a2afabdb

    SHA512

    32cb494a8d7732b409745371ff735bada1b5c039102bc8814e5e77a9c049789eca8ec1e3a8382cbda1489531801bce6f37d387ad9ebed41d3428ffa44cdce734

    Download Submit

  • memory/3092-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3092-1-0x0000000000150000-0x00000000001B6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3092-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3092-12-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3936-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3936-14-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3936-20-0x0000000001620000-0x000000000167F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3936-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3936-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3936-35-0x000000000B600000-0x000000000B63C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3936-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download