Overview

overview

7

Static

static

3

41c5cb8bbd...ad.exe

windows7-x64

7

41c5cb8bbd...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 19:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41c5cb8bbd88ca8be1d6fd075c8ef8ad.exe

  • Size

    907KB

  • MD5

    41c5cb8bbd88ca8be1d6fd075c8ef8ad

  • SHA1

    483bbfda7bb85b58d94c431d394b76a9d079d868

  • SHA256

    5ff4a015ea24be3ac86c570eda65e512f6265503926cabe788d9adf245513ad9

  • SHA512

    f186e73abfdeb20e94deaa2daeab56da09699e0ac99cdb52b8be5f4cdcff18359d73d76a01b76e5100431537034ee188cd65048710e11c060dd11a1697fc245d

  • SSDEEP

    24576:Am7+LmlAoMUrEOZjbfsbLHbzxC+ws5a/ZS1:dymjMUrEO9fsh8s5gS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41c5cb8bbd88ca8be1d6fd075c8ef8ad.exe
    "C:\Users\Admin\AppData\Local\Temp\41c5cb8bbd88ca8be1d6fd075c8ef8ad.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Users\Admin\AppData\Local\Temp\41c5cb8bbd88ca8be1d6fd075c8ef8ad.exe
      C:\Users\Admin\AppData\Local\Temp\41c5cb8bbd88ca8be1d6fd075c8ef8ad.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41c5cb8bbd88ca8be1d6fd075c8ef8ad.exe
    Filesize

    529KB

    MD5

    0911102bd31b9b6d904c10759c5d6df3

    SHA1

    d5750994669a65042f7e4a7c552cac1d82f3faeb

    SHA256

    7e335394c5e894f536567ef765444b081d7d898240b2ecf96f85c8c8e03dfb95

    SHA512

    bedd3fe0966642b6cdcac12452fbcd0a79fa74f139c17dfcc27435c049d6d6709bd1754c18c96274fdf2d651a3b744cfbba45bc0ae6b50c123f01c0fd6dabc06

    Download Submit

  • memory/2156-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2156-14-0x00000000017A0000-0x0000000001888000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2156-20-0x0000000005170000-0x000000000522B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2156-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2156-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2156-33-0x000000000B800000-0x000000000B898000-memory.dmp

    Filesize

    608KB

    Download

  • memory/5004-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/5004-1-0x00000000015B0000-0x0000000001698000-memory.dmp

    Filesize

    928KB

    Download

  • memory/5004-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/5004-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download