Overview

overview

7

Static

static

3

4207ed5c99...f0.exe

windows7-x64

7

4207ed5c99...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4207ed5c99e5c8a0f75928eed264a5f0.exe

  • Size

    3.3MB

  • MD5

    4207ed5c99e5c8a0f75928eed264a5f0

  • SHA1

    907dcb98f93517d33795aad1f6caa8c6bb2ce1ef

  • SHA256

    b90b837383dca9a6d56b5f6bca33090e550bd84b272174737b9485da740c0291

  • SHA512

    d4e04c157279040ea929064b4d892f5f7f5038d71444a32ea81d9a0a917dca9f495104e1bb071b975444b9249fc32f2f4593b13da3e87d3fa0b2129db9148a3e

  • SSDEEP

    98304:zK+tw/XnpKS+xDm2Fnf+RBj5NCj+y9ut26:2+S/8fJmof+RZTCymo/

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4207ed5c99e5c8a0f75928eed264a5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\4207ed5c99e5c8a0f75928eed264a5f0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4040
    • C:\Users\Admin\AppData\Local\Temp\4207ed5c99e5c8a0f75928eed264a5f0.exe
      C:\Users\Admin\AppData\Local\Temp\4207ed5c99e5c8a0f75928eed264a5f0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4207ed5c99e5c8a0f75928eed264a5f0.exe
    Filesize

    92KB

    MD5

    75bcfabeb9ad90dd0dc58ee5af04d5fb

    SHA1

    ec81de346e4d941562d33083e72ac5c23f40dc3e

    SHA256

    9bd00e9a014d09181d0b71613f83cccf72a7ea1cdefcdfcbb9bfd05069bf1122

    SHA512

    6c415bc64c8f37cc89ec9e984f6bb607b3e5bb22c73bd019e556e2508035a052789fcb0a5a63ffd2b359612ace3421f21783ca6fcf8fbf30eb2bdb0e3fc78caa

    Download Submit

  • memory/512-16-0x0000000001D40000-0x00000000021B7000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/512-20-0x00000000059A0000-0x0000000005BED000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/512-21-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/512-14-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/512-13-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4040-0-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/4040-1-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4040-2-0x0000000001F20000-0x0000000002397000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/4040-12-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download