Overview

overview

7

Static

static

3

3b02a5cd38...b2.exe

windows7-x64

7

3b02a5cd38...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 20:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b02a5cd38f020b16ad603c4a46792b2.exe

  • Size

    1.9MB

  • MD5

    3b02a5cd38f020b16ad603c4a46792b2

  • SHA1

    8e2500c1fcd9ae55166dea44c776e916081f7d99

  • SHA256

    d6ffe9cdb1d264a801d71d3be0ec5d3e32eefffc7786a03cc1fcba699dcd602e

  • SHA512

    e147e9a3eafae8d369d233a4e5b223f101753c9313e9da9efdddd56a8920898d56df065843752f339e173fc445733a0663fb15f92b4453bad945a178e5e19846

  • SSDEEP

    49152:Qoa1taC070dyCk1vesYDs2WDVERWMzEC+JLJ:Qoa1taC0OkxYDs2WBERpEC4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b02a5cd38f020b16ad603c4a46792b2.exe
    "C:\Users\Admin\AppData\Local\Temp\3b02a5cd38f020b16ad603c4a46792b2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Users\Admin\AppData\Local\Temp\5851.tmp
      "C:\Users\Admin\AppData\Local\Temp\5851.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3b02a5cd38f020b16ad603c4a46792b2.exe 1E5FFDEE048B82FAB931DACA599F199FD2CC9F50733FD2B9FF2E56CA934D56074D436DEB716E943B57AD25FB3A229A4C4315844A71EC30D67E43ABF3F378E0CE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4788

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5851.tmp
          Filesize

          382KB

          MD5

          3c4a5b5ad56cfd86fc2acd0cbd59d679

          SHA1

          aed3321892ea661e840787f7aa527d46420202b0

          SHA256

          15bc2587d55fdb919ae8aee2484ea832b29d40040150af3b22d8068d71c18cf4

          SHA512

          39d44e5a3bc6b39ff3187f2968e43b912fb411e85329f2f37c40bcbcc50ce94187bbce1bba25c245c28e32e40da97a66e33827af7c04e958fc59de423fda636e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\5851.tmp
          Filesize

          381KB

          MD5

          37996f3b75a7cc4fe71385cf910176c9

          SHA1

          e3bc264d2ede822fdf32e6c3ecd561e0d37ee556

          SHA256

          f55ff90399463bd4dcb9d25bc94564c540c3fa964b3ecaf2f33b5f3d6f5a18e2

          SHA512

          4d90f33584fd8b1e1ad5686ccd3dadcd6f44d6d4f51990d899dbffc4dfdf1b56b779ddf562dc7f30a73e35e64b20928bdbb5a0bad82a9644506504f62c788fba

          Download Submit

        • memory/4788-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4792-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download