Overview

overview

7

Static

static

3

37674c2709...b8.exe

windows7-x64

7

37674c2709...b8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37674c2709407f4e47d284c46a6691b8.exe

  • Size

    1.9MB

  • MD5

    37674c2709407f4e47d284c46a6691b8

  • SHA1

    5e74ee752f70f908ddcb2fac36aa2562a3b34072

  • SHA256

    7ad8bc5c8b89746a6a62466017cb49e4d12514ff19f7e71ae440c3357ec3491a

  • SHA512

    a9e361c0fa7ebb796078a54490e5048f30c1395325784114a72bcb5fc82a223cf7d19a3f369da966a0f44318d931cf2b7bd1a117d636d041e5f78706893337b3

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10doiJ+5+HrAVLmVTaCvelcpB+JGwNkOyW8b5lL:Qoa1taC070doic5+Hr80dicpfwuOoDI8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37674c2709407f4e47d284c46a6691b8.exe
    "C:\Users\Admin\AppData\Local\Temp\37674c2709407f4e47d284c46a6691b8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\4F29.tmp
      "C:\Users\Admin\AppData\Local\Temp\4F29.tmp" --splashC:\Users\Admin\AppData\Local\Temp\37674c2709407f4e47d284c46a6691b8.exe 60D4F2A0924CAFBFE148F16221A2C8D70C2112D1554C6B9F314E85677F3FAB4F06F5ACF275EEF0E0CF166C659B3B9D52E8502F3BCF8579D755D51B78993E50B5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4F29.tmp
    Filesize

    45KB

    MD5

    6f814c810c6a8298bec29b6e5b55d65b

    SHA1

    15cec6e72ff8eb20f816c185a52c1a1df132ad28

    SHA256

    f4b5d6ce44327e12dac8204c442add66127d679f1e4c7a70e97fd0b9b8672911

    SHA512

    51d0a9d26356754f77813c62476973c20369af54f7dbca41e529591d66f7fa3d474510a4aa9451a57433d0b8ffe4cd40a4c67186c770d7347ed28cf6387da435

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4F29.tmp
    Filesize

    48KB

    MD5

    73219edcc95b00346addee41d0b87234

    SHA1

    6c2ac9822eacff398fce385b0bf1d8a7a1dfffa9

    SHA256

    17a36ca1be690b47a1038a016089bef93c9e61937f45fabf31508617fcc98277

    SHA512

    a37b849f416a211d902ea108a2e8f87363567ac0336ace43101e7554d276b5cdd4a48c6a5ad031aa64332fc38e947c28bf6a1e32494a69b49eff775f50536c88

    Download Submit

  • memory/2408-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2752-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download