Overview

overview

7

Static

static

3

37e05a1cdb...d2.exe

windows7-x64

7

37e05a1cdb...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    220s
  • max time network
    246s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37e05a1cdb54a18d4f3b2a25b2de06d2.exe

  • Size

    165KB

  • MD5

    37e05a1cdb54a18d4f3b2a25b2de06d2

  • SHA1

    f901b145c62a8b4c8b9ec1619fdfd50b60061b32

  • SHA256

    c114f54f29249ad4ef07fe4fc37bbd2ad8c1b1be6a0218ffbaaf4a51ee3c1ad3

  • SHA512

    24b86a06c8fb1cb622793bcbf829ea81c16f9053f4c9ef25d7b052eaa8bfdf0e5cf4c9d1e7172c4aa8838ddbdeeaf2549693937093503a19f187ba05d11abbe4

  • SSDEEP

    3072:FrgzVVuBmZLNOuk3KsEw9ignYJzP6kkt4UjwIirqyYaT5hT:xPULWasVcgYJD6kkqsiLr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37e05a1cdb54a18d4f3b2a25b2de06d2.exe
    "C:\Users\Admin\AppData\Local\Temp\37e05a1cdb54a18d4f3b2a25b2de06d2.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\37e05a1cdb54a18d4f3b2a25b2de06d2.exe
      C:\Users\Admin\AppData\Local\Temp\37e05a1cdb54a18d4f3b2a25b2de06d2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\37e05a1cdb54a18d4f3b2a25b2de06d2.exe
    Filesize

    165KB

    MD5

    a67ebe52303ff72e75dc8c40b7907dc0

    SHA1

    8ffdf89da13f4c2b28ff0478dbb6fea1105d1b5c

    SHA256

    48cb4c3ed022742d86784cbd488bc31f01a73791bf8cfb078c99af93775bd0fd

    SHA512

    f5e660576350b77cca3c8eca194bd7daa69033e3226837e07b73d645fdee550148a3c1e3a285507eee9e32e4ad626345688fa86e00f59f774b262b857cbb28ab

    Download Submit

  • memory/1712-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1712-1-0x0000000001430000-0x000000000145F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1712-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1712-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3756-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3756-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3756-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3756-25-0x0000000004D90000-0x0000000004DAB000-memory.dmp

    Filesize

    108KB

    Download