Overview

overview

7

Static

static

3

3db077694e...49.exe

windows7-x64

7

3db077694e...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 19:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3db077694e62e354d060fa2aace5cf49.exe

  • Size

    84KB

  • MD5

    3db077694e62e354d060fa2aace5cf49

  • SHA1

    ad3b22af5a47ff566b337ab7989dbd2b50334804

  • SHA256

    282d1f96d583c1b04327d61425645e3a5a9352ebbce006a768079b93785d5be4

  • SHA512

    2f5382080054c4947f31c13378d6346c47e35b6a522963141f3d5cf102d70b96dae4fc65cf844afd12bd6cbdfe86713a24e0867397c1d719c211eda88cf040b2

  • SSDEEP

    1536:cLo0Q1Q96lZwEJk4twvlQDh3dgKGzK8nqu7OijCvBZmvmdF+GWBeN+P:cLo0Q1U6FniQDhtBpW16YIosF+JT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3db077694e62e354d060fa2aace5cf49.exe
    "C:\Users\Admin\AppData\Local\Temp\3db077694e62e354d060fa2aace5cf49.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4964
    • C:\Users\Admin\AppData\Local\Temp\3db077694e62e354d060fa2aace5cf49.exe
      C:\Users\Admin\AppData\Local\Temp\3db077694e62e354d060fa2aace5cf49.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1212

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\3db077694e62e354d060fa2aace5cf49.exe
          Filesize

          84KB

          MD5

          743954ee253e1601a3d3486edb65bf91

          SHA1

          a585bf945fe5eba63c63c24fdeb12f0cb1e6a01f

          SHA256

          806b9e8cd7819c3012d86eba2d8f1b0fec280df5cbd6075aabaea07ef6361fbb

          SHA512

          c0e48154050550c271d8f7d8bfbda7769473a7f31b8ec5aecf579e6e8e3400aa5d375534dd59fb3ee6a98fbf98442b579259961a26e2293333240b8bcfe4206d

          Download Submit

        • memory/1212-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1212-14-0x0000000001430000-0x000000000145F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1212-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1212-25-0x00000000014F0000-0x000000000150B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4964-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4964-1-0x00000000000F0000-0x000000000011F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4964-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4964-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download