Analysis
-
max time kernel
150s -
max time network
170s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
01/01/2024, 07:30
General
-
Target
3c408947eb08887a9f906a3d733a06d7.exe
-
Size
56KB
-
MD5
3c408947eb08887a9f906a3d733a06d7
-
SHA1
2aa760012d4ea78e85cb1dd02b3f9f50ca005356
-
SHA256
974fab0d93e06e7d738bc36d52e46e6344c78336b83f571bf85b0fedc0f98b7f
-
SHA512
c805c09cfc3077b619bbbe5028f50dd7499513d38b4833f84cd70e9bf12c84439449055237ed56cde5fed0b1270d2278c6e38b96b41e88cfc425b5bbbedb79ff
-
SSDEEP
1536:4IX8bzmWvhDxFzq4Cig5nXxLwjCGAOJkPWvaJIIvg:5XTC9FO4b4LwjCyJkPGaJIEg
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c408947eb08887a9f906a3d733a06d7.exe"C:\Users\Admin\AppData\Local\Temp\3c408947eb08887a9f906a3d733a06d7.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\epcditgj\yxuzipwl.exeC:\ProgramData\epcditgj\yxuzipwl.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe/c del /f C:\Users\Admin\AppData\Local\Temp\3C4089~1.EXE.bak >> NUL2⤵
- Deletes itself
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
MD53c408947eb08887a9f906a3d733a06d7
SHA12aa760012d4ea78e85cb1dd02b3f9f50ca005356
SHA256974fab0d93e06e7d738bc36d52e46e6344c78336b83f571bf85b0fedc0f98b7f
SHA512c805c09cfc3077b619bbbe5028f50dd7499513d38b4833f84cd70e9bf12c84439449055237ed56cde5fed0b1270d2278c6e38b96b41e88cfc425b5bbbedb79ff