Overview

overview

7

Static

static

3

3be6b109be...43.exe

windows7-x64

7

3be6b109be...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    162s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3be6b109be72f3e9bae6d5c5a46eaa43.exe

  • Size

    1.8MB

  • MD5

    3be6b109be72f3e9bae6d5c5a46eaa43

  • SHA1

    c2a7f36228861c661a18acb06ae0bbcf7263ae71

  • SHA256

    d8d74701ba059feabce2c5b8e24eaa77ac95c27e266028e05f9b3f90092b5a1a

  • SHA512

    83022df6a16c4f4b19b223fb80f1d1c1d3374535b04289679044bb286a3f187e1f4eebbf4c8ea3b17c442636450d9e56f0da208579b300b0a80717d91c1febbe

  • SSDEEP

    49152:4yd4qWw2lrcW7iYsmBrYsDEOMql8q5lomNyi1aq:ZdJWHB8sEdqlf7h1X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3be6b109be72f3e9bae6d5c5a46eaa43.exe
    "C:\Users\Admin\AppData\Local\Temp\3be6b109be72f3e9bae6d5c5a46eaa43.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Users\Admin\AppData\Local\Temp\is-C7MC7.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-C7MC7.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp" /SL5="$70122,1624557,58368,C:\Users\Admin\AppData\Local\Temp\3be6b109be72f3e9bae6d5c5a46eaa43.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-C7MC7.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp
    Filesize

    6KB

    MD5

    eca75ba92c046367fb159215583cf529

    SHA1

    4db5d351282d962d20df71697809275bfcdea4c6

    SHA256

    1b1a86a500c523b3aa9b66a85d8b75c0671cecdb82f11d8f539d00743877d705

    SHA512

    91035d7fa539101a7fd2acb549cba2ea4f8f853742587e029edd44276b425c3dbf7a21712d5777416346f17c01f30259a229fa0d3ccccda70fa8e03464f1e173

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-C7MC7.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp
    Filesize

    24KB

    MD5

    35464230c78c281b66833e3ce93ffc45

    SHA1

    de00e986a575a6cb0d32ca8b34cb193ee986e655

    SHA256

    c884047bf649a246d392391110d7ac187db0f8fcec811853bdb756dfeafea0d5

    SHA512

    130be13ebb9cf59b66a1ec343ebef8874fdefb46e35009ba6e7ed48584b5ecc37fbf2a0817ba9a9be3ecad16bb3b5081cafff7b1aff513b95580884265545bb3

    Download Submit

  • memory/2344-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-11-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2344-14-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2816-2-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2816-10-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download