Overview

overview

7

Static

static

3

39c9498f84...5b.exe

windows7-x64

7

39c9498f84...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    39c9498f84b84387a7f758313d9b515b.exe

  • Size

    63KB

  • MD5

    39c9498f84b84387a7f758313d9b515b

  • SHA1

    2ac94680388b4eac8fa7cb655b772f953e2713e4

  • SHA256

    39a586d346bfc81054ac594cbf9137f91285cbe5de2de5ee01786d8fa60ef6f7

  • SHA512

    ee0d3a1888be95fa7b06b901c9abbc3f80f4d6eebd963264d29cfdc7fdebf4fadea6cc0af46fd44dfd4869926a3ce2829b43a0ba9ed71823fc6f5e22b55c73c1

  • SSDEEP

    1536:uufg6xNUQs0ZEjMPcqHmbBhvI1qWfiuv7tPS0xLDrk:x3xNvaIPk+qWpL1rk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39c9498f84b84387a7f758313d9b515b.exe
    "C:\Users\Admin\AppData\Local\Temp\39c9498f84b84387a7f758313d9b515b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Rjj..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Rjj..bat
          Filesize

          210B

          MD5

          0eb795a853b391e5fbad46333a9173cd

          SHA1

          97c2b6d62c22eca61571ee62d864eda0750bed0f

          SHA256

          943c1877a3c69a338b564be6805d7682c47cdc1f4a30348dc6d247a4039c33fa

          SHA512

          6d0a0d9c8d0a34b6082abc9ac07635c05c49427e50aa505b986a8c18af327a283ca8820e3d05d02a029917bc6ddafde54fd0d524a0f6de365d02ff24ef93013f

          Download Submit

        • memory/1704-0-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1704-1-0x0000000000220000-0x0000000000241000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1704-2-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1704-3-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1704-5-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download