Overview

overview

7

Static

static

3

412a76659b...a5.exe

windows7-x64

7

412a76659b...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    159s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 14:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    412a76659b8d5466ed46c55c09c5a8a5.exe

  • Size

    82KB

  • MD5

    412a76659b8d5466ed46c55c09c5a8a5

  • SHA1

    dd51551383739a16c64d82dc01767faadeacb856

  • SHA256

    924de32cce38495be351f45aa4f5162a88f681871d5fbe7556b7033bb8fd722c

  • SHA512

    647f7af38bb0317f900a996b4541000b19d312767f4fdaefa88f663b566a58cf63566546b9fd230160a3bd870075c93f4c10f9048c82c82743a5a7ca7ae3c3b0

  • SSDEEP

    1536:XRVQXEWqrcuMlBkORrzzYpDV0acz53iLOdzKkF8NhahdsXRZY7wn3:X3mbqrcbbRc0n53i0uHjfF

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\412a76659b8d5466ed46c55c09c5a8a5.exe
    "C:\Users\Admin\AppData\Local\Temp\412a76659b8d5466ed46c55c09c5a8a5.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Users\Admin\AppData\Local\Temp\412a76659b8d5466ed46c55c09c5a8a5.exe
      C:\Users\Admin\AppData\Local\Temp\412a76659b8d5466ed46c55c09c5a8a5.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4556

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\412a76659b8d5466ed46c55c09c5a8a5.exe
          Filesize

          82KB

          MD5

          6386de6424b4ced3361a1eaad2fbf91d

          SHA1

          1d8990c71686bd80cf7ba07661f778d889657120

          SHA256

          f13311ec22f5f10f22064b4851cfaa9a30e5f0e6cea81605acedbf2bfa18e9dc

          SHA512

          22aa93ef606c55e5b97638bf5760121a298c94b70ccec7f586dd66409b6807b5114e814de2438a6dff53f3d1855be87c288bd57047fb6ea81a3506aca44857e1

          Download Submit

        • memory/1360-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1360-1-0x00000000000F0000-0x000000000011F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1360-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1360-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4556-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4556-14-0x00000000001D0000-0x00000000001FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4556-21-0x0000000004D90000-0x0000000004DAB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4556-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download