Overview

overview

7

Static

static

3

3c9d096200...dc.exe

windows7-x64

7

3c9d096200...dc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 10:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3c9d0962009ac99af72bfd05c63920dc.exe

  • Size

    1.9MB

  • MD5

    3c9d0962009ac99af72bfd05c63920dc

  • SHA1

    0bbaa470c67e47069c8d46cdafc8cf745f0e695c

  • SHA256

    481d04d41efabb5efe74bb854af81984a3e0f3da2e091ac5fdaa27758bf63c25

  • SHA512

    ee79b4337380517fb6abd3b8ffc3ea67dfad8afde14a4b7e673d372e25633d3668fefcc58711d4088fd09dabdb97eb67415b6b858744266cfce06fba58d66d17

  • SSDEEP

    49152:Qoa1taC070dwgk5bWAfbpKTdiQocdjkBK:Qoa1taC0t5ySpAUE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c9d0962009ac99af72bfd05c63920dc.exe
    "C:\Users\Admin\AppData\Local\Temp\3c9d0962009ac99af72bfd05c63920dc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Users\Admin\AppData\Local\Temp\865F.tmp
      "C:\Users\Admin\AppData\Local\Temp\865F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3c9d0962009ac99af72bfd05c63920dc.exe 5E387AD593346FBFAFB2DB468AC92A9A88CDB4B7F647D9E8F4E8F0BC592EBBA9CBE29C6E253651889F9647821D08105D34502CB3C7B3C6D4074809BD0B8025A7
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2616

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\865F.tmp
          Filesize

          1.9MB

          MD5

          d18f64cecfc27ffa72f15baf3a6a0ad9

          SHA1

          f219f76acb11a81d1cb404816c14347ef44be53a

          SHA256

          e4293af1276acd41cc34af8bb130527c484e3e5333fd0d70ecd21b900337f1b2

          SHA512

          ea45aa4b71dc584fcc371773a51fca7b01e2690ef2df8843f4768ec4dd3c9a51811ff310eedeafb7583df0895d0aad4416968230a172e25d9f3e3e8df21ce9f7

          Download Submit

        • memory/2616-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2912-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download