Overview

overview

7

Static

static

3

4452f20a8b...bb.exe

windows7-x64

7

4452f20a8b...bb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 20:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4452f20a8b51fbee943b440d41d36dbb.exe

  • Size

    385KB

  • MD5

    4452f20a8b51fbee943b440d41d36dbb

  • SHA1

    d6143d88fbb4a98539c7b19aaa1afa403382ce5c

  • SHA256

    37cc799f7d60d58cc6dd52f583b1df349dd3181a1ac53096eab0bef737032bcc

  • SHA512

    8555117f035172cb6c7a93cfa46aaaa6ea06e6399f6ef83654cc538f0aab0521c3278d0e5486bf945e20b0f80fffd65f4599a8edf15812308025fa03e9f54c98

  • SSDEEP

    12288:bhdvKoRW92UJaNs4mtey07rDrzUZjOBLNFB:XFRW92U94mv07rDr40fB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4452f20a8b51fbee943b440d41d36dbb.exe
    "C:\Users\Admin\AppData\Local\Temp\4452f20a8b51fbee943b440d41d36dbb.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Users\Admin\AppData\Local\Temp\4452f20a8b51fbee943b440d41d36dbb.exe
      C:\Users\Admin\AppData\Local\Temp\4452f20a8b51fbee943b440d41d36dbb.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3660

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4452f20a8b51fbee943b440d41d36dbb.exe
          Filesize

          385KB

          MD5

          ed63a202fa531817aae5ca8a4b7a283f

          SHA1

          d52667a9eb0d96dee42b258276a1cd4cc8233c3f

          SHA256

          41ff3a2daa064eb05842fd9c4d06380d9071a09bc8eaf2c581d42928c7029e86

          SHA512

          9fde365bae1386d9aa59a6f6f4f8bb25fea78132aeeb97891c5ccd06ac4c657f92dae4de5d12e83a516180ac61fd8089bd4d05bd1e4d2d89d126e50229425162

          Download Submit

        • memory/3660-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3660-14-0x0000000000190000-0x00000000001F6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3660-20-0x0000000004EE0000-0x0000000004F3F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3660-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/3660-30-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3660-35-0x000000000B600000-0x000000000B63C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/3660-36-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4792-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4792-1-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4792-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4792-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download