Overview

overview

7

Static

static

3

3fd275c11b...08.exe

windows7-x64

7

3fd275c11b...08.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 03:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fd275c11b763f7cc9361440bbee6608.exe

  • Size

    1.9MB

  • MD5

    3fd275c11b763f7cc9361440bbee6608

  • SHA1

    dad3f99c7771ec5421b9423b8af4a5cad447a619

  • SHA256

    fcd8d4e1013e026ea9fc3a034bd4c977c57b04d7a085e6bbe73b16bc39a01006

  • SHA512

    1e7afe25ab46cd3caa6b4f994dd9a2b3e4912dc9dbb4adf134040f46ccb69a5ca37bed85838e37c04bf0ca4f902cac84c0bfaed4e9f18dbec71659bdd5d6747e

  • SSDEEP

    49152:Qoa1taC070djuFbvbUp1kZOV4QR0y7cmOdX5:Qoa1taC0guRrZA4QR7/WX5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fd275c11b763f7cc9361440bbee6608.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd275c11b763f7cc9361440bbee6608.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Users\Admin\AppData\Local\Temp\9A2.tmp
      "C:\Users\Admin\AppData\Local\Temp\9A2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3fd275c11b763f7cc9361440bbee6608.exe C4C5D8F42AFBEED2981349C329716240FF14DFF69D78CBC8CF07A9B476861308436198B6916BA711C110784A9B658AB3D8C21929B3F64D36F56B2DCCD05CF960
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9A2.tmp
    Filesize

    1.9MB

    MD5

    2e1643991f4e5dd753fc1f8c2d5deab0

    SHA1

    aa7507d07ad8ec45fb3cb2865d735139d321e846

    SHA256

    b1fec435c0c47953013eda92d1275b3c5c2f69135e4e2b6f4d65cad4a684a9d3

    SHA512

    9fb7cad137f3992c0a9ad8bc5f8ec06caa18e14a4ab08a4a9954862d812eb78598c60836781f294a888b5ec91345b96e48543352695bc6ba05495dfece050ea6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9A2.tmp
    Filesize

    590KB

    MD5

    eea82fb7850aee35e76cc77e0933a30e

    SHA1

    32d93ff847491aaaa37c7ca88b8d125f0ab5addc

    SHA256

    3ff72acadab4397b77491725c2638f3cb67c4c526b1af8cdf3c55dfece435915

    SHA512

    427fda7eed781bae0bca0341176b4450fa929ac745c6dc7d21f3b23adb731f7130b27d03c184b173692ed1345f95888001bf73c97ce214886854eb0c59f5b3da

    Download Submit

  • memory/2184-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2372-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download