Overview

overview

7

Static

static

3

399554898c...36.exe

windows7-x64

7

399554898c...36.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    399554898c9230ae59a10db7b6e1fc36.exe

  • Size

    1.9MB

  • MD5

    399554898c9230ae59a10db7b6e1fc36

  • SHA1

    ec00f17b3008397d8a1e576699ef23175c867577

  • SHA256

    da1f358e8e76a3fd9fbbaaa22a1c9ab8b061bfcb0abb918484929f371a9512dd

  • SHA512

    9ac41037d67b46269d722f67404486687017c480cd61a009ed1e8e3a73d6329a3163460f6993bf032b909c70c36590b451a868719211684e8f6e038425f42b01

  • SSDEEP

    49152:Qoa1taC070duDsP3AK+HKpZIhJizYysrQ:Qoa1taC0/Dsvl+qMMz6U

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\399554898c9230ae59a10db7b6e1fc36.exe
    "C:\Users\Admin\AppData\Local\Temp\399554898c9230ae59a10db7b6e1fc36.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\1BDA.tmp
      "C:\Users\Admin\AppData\Local\Temp\1BDA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\399554898c9230ae59a10db7b6e1fc36.exe 93BDC50040EE244F46611981EC9CCA3B36AACECE1D397379F41E50AA606C7BC8CD684F559594D67C3047F571D0C4C843AD6E8074F9FA55706D3CCB03CD48AE0F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1BDA.tmp
    Filesize

    641KB

    MD5

    4736ba5ed6ac93bb20367b9d44de68b6

    SHA1

    32c9340cbd199aee5a8f935eaa23ed9fff245f46

    SHA256

    ed2a494b92a2bd2ae6b50501b8bb6c851c4b8b13f70e55a98f48160173fad03a

    SHA512

    da0212db0442463004f5147886da2a23dd32387cc788e50318c4cb0f2ca3a8f7fb096cbac8ed2ccadebc72e808a31dc4eb696605464ed45306d4b621af3f5934

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1BDA.tmp
    Filesize

    92KB

    MD5

    6e1ade04ace562019dbec7c80c9e402e

    SHA1

    04916d71593e6767c16b8a3dc34fc62557dc474e

    SHA256

    2c28bfbad146c1ee725595e00c7e1230f737265ad3801a01c220d16a0d0e9f35

    SHA512

    f03d1cb741a8f4a928201ac9d15038f234a5cd71a890c7001e5b9a19503149995c7686be9e9d19ccbe5757d752bfe541a60f819382b8aa579e3564c6c140ba38

    Download Submit

  • memory/2204-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2368-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download