Overview

overview

10

Static

static

10

6e323bddb6...88.exe

windows7-x64

10

6e323bddb6...88.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    9s
  • max time network
    78s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe

  • Size

    23KB

  • MD5

    56b932581ca03686ad499fad655f6657

  • SHA1

    4a5b99528438aa27cd2608f7be56bfd314d39f26

  • SHA256

    6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588

  • SHA512

    e04c20a01cef5987340e6f40da5e8aeaf52952ccbe10b1eb538a612bba75b45c91988d8014b2eb42ed742c29e5d0a152f969e1b9656846d2f9117faae9e7197c

  • SSDEEP

    384:RoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZdfZU:G7O89p2rRpcnuMhU

Score
8/10
evasion

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe
    "C:\Users\Admin\AppData\Local\Temp\6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe"
    1⤵
      PID:2080
      • C:\Users\Admin\AppData\Local\Temp\win33.exe
        "C:\Users\Admin\AppData\Local\Temp\win33.exe"
        2⤵
          PID:2104
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\win33.exe" "win33.exe" ENABLE
            3⤵
            • Modifies Windows Firewall
            PID:712

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Initial Access

      Execution

      Persistence

      Create or Modify System Process

      1
      T1543

      Windows Service

      1
      T1543.003

      Privilege Escalation

      Create or Modify System Process

      1
      T1543

      Windows Service

      1
      T1543.003

      Defense Evasion

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Resource Development

      Reconnaissance

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2080-0-0x0000000074DC0000-0x0000000075371000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/2080-2-0x0000000000FF0000-0x0000000001000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2080-1-0x0000000074DC0000-0x0000000075371000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/2080-12-0x0000000074DC0000-0x0000000075371000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/2104-14-0x0000000000DC0000-0x0000000000DD0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2104-13-0x0000000074DC0000-0x0000000075371000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/2104-17-0x0000000000DC0000-0x0000000000DD0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2104-16-0x0000000074DC0000-0x0000000075371000-memory.dmp
        Filesize

        5.7MB

        Download