Overview

overview

7

Static

static

3

44aba97cf7...fc.exe

windows7-x64

7

44aba97cf7...fc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 23:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    44aba97cf7903b6df434cc0fb90094fc.exe

  • Size

    1.9MB

  • MD5

    44aba97cf7903b6df434cc0fb90094fc

  • SHA1

    30ed147c028075273e8287dc5d851eccac4e162d

  • SHA256

    6c0aabbf88e3a9676528eb6b95c57ea9a2c7272bed88e616a7821a993e565641

  • SHA512

    da732c7d24bd2d3031b3e32e08a7e9f28f3d68b1cf578b8638a5045aa4d8f573d98de9671638cf790ee4f753092a11b8dab1a180cdab6a3c0830301683086b75

  • SSDEEP

    49152:Qoa1taC070dvozwbyLBVwbEi+VomcCgC/5pTggpEhIrL:Qoa1taC0ObPbEi+6GyhIP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44aba97cf7903b6df434cc0fb90094fc.exe
    "C:\Users\Admin\AppData\Local\Temp\44aba97cf7903b6df434cc0fb90094fc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\63C2.tmp
      "C:\Users\Admin\AppData\Local\Temp\63C2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\44aba97cf7903b6df434cc0fb90094fc.exe E83D9F445DFB89CCC929DFDDF9C2DA08332DD582E30E1500A9A55E047B1E233ED1EBA6880B5D5046E7A8D570722D3951E0BA9C268273FF06F950D3FD71048912
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2044

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\63C2.tmp
          Filesize

          77KB

          MD5

          a43d14bf42a7df6ca8c85335f3255295

          SHA1

          48dbd6f0f67f0492454e1165796e5511ff546ccf

          SHA256

          fa9fc7c0d95d05f9333763f6d00b9a260a971052442351dcea4fb1f925318773

          SHA512

          d5f13a2a172ad64f6b4747e27f06f9b7b0537e4f7e88fbf410a8aa13ecb7100d08b65b4666341a1d98e11fdb61a0ef3ed786fd618a1795eebee1d7c0889844af

          Download Submit

        • \Users\Admin\AppData\Local\Temp\63C2.tmp
          Filesize

          111KB

          MD5

          697462a9726f40624419ac561a3d2213

          SHA1

          eef37b5eb130735d0b9e4150a9c7c43cc38e2ba4

          SHA256

          b8582c71e3716ff9ac8989e5c3b2f2d01bde67e9a91619275a3e88b6a52bbe79

          SHA512

          51d8a4d0fb610a709ef66b18cfc4eb384fa18fffb4c12e0211e2d6538b09f21722249eac6e97e0948df7ced8f42558e724f10594d3af40b2f04a68cb56648a5e

          Download Submit

        • memory/2044-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2164-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download