Overview

overview

7

Static

static

3

42c591ca21...3c.exe

windows7-x64

7

42c591ca21...3c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2024 04:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42c591ca21a280b37186260b2874d23c.exe

  • Size

    3.1MB

  • MD5

    42c591ca21a280b37186260b2874d23c

  • SHA1

    0dc1be3a14ec979dda7b99b9dc4dfc0c93b4cd7f

  • SHA256

    72cbad94778be553759cccde88da455d55bc4f0d030f5fec102e6f441495ff2f

  • SHA512

    eab6b37972325ded1d2dae9fb13bb9b9b9f6fdc5b9b0b5bef86e26a3f0611ebbe6c322da5213a9e2f3679bd8da81a375574a514d64af75892c184146d9cd0120

  • SSDEEP

    98304:5mSWOiIyU7sVNnOWauV1oS6e4VLUjH5oxFbxx:5XNanQKge4VUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42c591ca21a280b37186260b2874d23c.exe
    "C:\Users\Admin\AppData\Local\Temp\42c591ca21a280b37186260b2874d23c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3828
    • C:\Users\Admin\AppData\Local\Temp\F26A.tmp
      "C:\Users\Admin\AppData\Local\Temp\F26A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\42c591ca21a280b37186260b2874d23c.exe 40FD3CB3305719CEF2EF2F0046447174B9F590F49147B44D14DFBE7B5CEBB82F95757E0A47EAF9068D2D3C2B1EFAFBD1639D8C01E45E0A85FE3581C8327E8789
      2⤵
      • Executes dropped EXE
      PID:728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\F26A.tmp
    Filesize

    3.1MB

    MD5

    762cdd66e0e244b733c96c51a0a343b7

    SHA1

    f0f4313e11f9b142196c1612fcd3e144f4345f14

    SHA256

    2968d1954b50332a6e983df04458c1fe680ca7b96e38e0f2961bd25225b69467

    SHA512

    7fde535309492544ae84b652c53c92fb9eb99cf353d7ed081d0d5e77b074bac2516519a17fc1f9d033e26a4e2694493cce9e89e366834f0bb655ba2f158ffdf5

    Download Submit

  • memory/728-5-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3828-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download