Overview

overview

7

Static

static

3

425ccf28e1...ca.exe

windows7-x64

7

425ccf28e1...ca.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    425ccf28e1a0ab917123195ea5c3c0ca.exe

  • Size

    907KB

  • MD5

    425ccf28e1a0ab917123195ea5c3c0ca

  • SHA1

    926f9e4af3b167c82c26bc597eee5419b13787cd

  • SHA256

    2d20acc6011d118c14bac2dd51370d4be1579d0eb0c2bd3c3ad7f595a3b71272

  • SHA512

    0b8ce143b0e5109ffbbef8e63866e3b5833f07355bfe9fc339ed5bc4f734f5f6ffd3b5ed55310a3967fab62e4f2b2351dc342b236cbd6c53b50239dcdfc71ada

  • SSDEEP

    24576:IiTD46ZUwDFwiFrLokRoJ/4TKaoiP7na/ZS1:IiTFUKrVRrTKKP7gS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\425ccf28e1a0ab917123195ea5c3c0ca.exe
    "C:\Users\Admin\AppData\Local\Temp\425ccf28e1a0ab917123195ea5c3c0ca.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Users\Admin\AppData\Local\Temp\425ccf28e1a0ab917123195ea5c3c0ca.exe
      C:\Users\Admin\AppData\Local\Temp\425ccf28e1a0ab917123195ea5c3c0ca.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\425ccf28e1a0ab917123195ea5c3c0ca.exe
    Filesize

    381KB

    MD5

    a7ec51e80cfcb5b090703a85301f333c

    SHA1

    d72af31372e6cbedc2bb652cfa8db97954728d50

    SHA256

    3b136ab9e13a935553eb258a5003abbfcc8bc6c75bb65f7feafa969af866e1aa

    SHA512

    41ad1990b570daf2c4cbaa958bdba928cf87b0cbdf5cd681266211668b1688eb9ea9fa9520873383480299cbc441ce98b9401d9b3930a519b026b56352e21c2e

    Download Submit

  • memory/2948-15-0x0000000001830000-0x0000000001918000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2948-20-0x00000000050C0000-0x000000000517B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2948-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2948-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2948-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2948-35-0x000000000B800000-0x000000000B898000-memory.dmp

    Filesize

    608KB

    Download

  • memory/5068-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/5068-1-0x0000000001650000-0x0000000001738000-memory.dmp

    Filesize

    928KB

    Download

  • memory/5068-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/5068-12-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download