Overview

overview

7

Static

static

3

41f9bba48d...57.exe

windows7-x64

7

41f9bba48d...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2024 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f9bba48d9ce10cff3c98669ca22c57.exe

  • Size

    57KB

  • MD5

    41f9bba48d9ce10cff3c98669ca22c57

  • SHA1

    78dd45d52f7863225d8859e23d0c4a51d41b14b0

  • SHA256

    af0047c4ee026a29d9da0bf83fb90d92a8599893004842ddde951ad8308afdbb

  • SHA512

    719ae5713d4d3483e218c542b10fefb1c64bbc92f4bac8293a2848761f452cf24a3c798543b37c9a5885d5dfcf29de2bbb285d529bdab1be272703d8c0532f1b

  • SSDEEP

    768:/ddvoW2+hLnBhxszivxOmaelLBsbhrhlP7vMHJhjPBAO3te6J34jd14ZZceengQl:/dz2+hjBISaXVnMb7R9eBjzclJ6ovOH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
    "C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
      C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
    Filesize

    57KB

    MD5

    82499a86828503eb9a258a1986bfeb42

    SHA1

    bd06b2a24a644edcf1183fcb6d0e54b116941677

    SHA256

    89a6d96f7ca90fed65f2bec8717e5a08d3728cfbe50e4084476e8f57848f7ac4

    SHA512

    ff0d7782579407f4c4fc94c7e0bea75e8598e5514439fc7406817652cf3ec1df1645131bc9ad4f789db2e59b8e7975c4b8951e26f05a9269f5becb7e534e787b

    Download Submit

  • memory/1180-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1180-2-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1180-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1180-15-0x0000000000190000-0x00000000001BC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1180-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-17-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3052-19-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-18-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3052-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3052-29-0x0000000000210000-0x000000000022B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-30-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download