Overview

overview

7

Static

static

3

427385cca3...27.exe

windows7-x64

7

427385cca3...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 01:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    427385cca3a7ffc31f8bbb8f180d0b27.exe

  • Size

    1.9MB

  • MD5

    427385cca3a7ffc31f8bbb8f180d0b27

  • SHA1

    de27010991b143160d47d8cca843e98fd75a8390

  • SHA256

    011f4ad6ca0cf57bbb02a5550d604cd3a5fb69a0f0f4590f0692089672820535

  • SHA512

    5700a778e316f640ddc0bb4e2d3c4efeb417cfb206bb2d8e685897b078194a1db3b07edcdc6693784205d87bc4a9acda8ed09edb650d863b23bb062513b57d19

  • SSDEEP

    49152:Qoa1taC070di51mbucLvZ4pWMbSolA3WCxl5gQXNmsorlb:Qoa1taC0/1Y7Z4pWMuUA3WCz57msglb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\427385cca3a7ffc31f8bbb8f180d0b27.exe
    "C:\Users\Admin\AppData\Local\Temp\427385cca3a7ffc31f8bbb8f180d0b27.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3592
    • C:\Users\Admin\AppData\Local\Temp\5776.tmp
      "C:\Users\Admin\AppData\Local\Temp\5776.tmp" --splashC:\Users\Admin\AppData\Local\Temp\427385cca3a7ffc31f8bbb8f180d0b27.exe 9015B6423914D8AD1B7BB376F6C27EFCA5F7074DC969B3839D1AE92AA3DC0CE8141F34D4B29AA961E04CF97D6651D06200CF0BB88CA3C9BDC261D461EF912F40
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4588

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5776.tmp
          Filesize

          864KB

          MD5

          e2b200d178cfd7b712fcbce2e3d4927c

          SHA1

          d889deda4f60704f829b890ceb0ff7f5dccb49bb

          SHA256

          64d50b6c628dca9e410ab3927eae51d2817febd83e9984c8475fe4c7127b2030

          SHA512

          049adeb78021c5e213d84eaa2e6be638951786902ca88c7c632ae3eeeadbd02fd6ba8a90413a1b2d6de51ac7d1e94c03b1d05be78fc96fdfa0a9527d3a3e516a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\5776.tmp
          Filesize

          794KB

          MD5

          079eeff87ad8cbcdd9e1be479ce57dc5

          SHA1

          c8f4a5a1889955676308853d989ef95add1b9e43

          SHA256

          404025959877ed0697fa522d358adbdbbf4f0fcb42370d8cafec9d9d011bef63

          SHA512

          066d53389c40f6cf914400d47a4ee5de9b8bee80351ac69f8a08b1b1680aab5c2d81d49f1a2c00c1c5ea704e49c20869dab228b3387a6cddf626cf601991e134

          Download Submit

        • memory/3592-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4588-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download