Overview

overview

7

Static

static

3

4567db3e98...ca.exe

windows7-x64

7

4567db3e98...ca.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 05:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4567db3e9856db5a66baba30607fe6ca.exe

  • Size

    1.9MB

  • MD5

    4567db3e9856db5a66baba30607fe6ca

  • SHA1

    ced11eb19a3c47ef8e5ab304596535675945c0b4

  • SHA256

    51b851f01ca96c59efc9849dabbc7ff599502bcacf37a04cea50456843a52fcb

  • SHA512

    cf0b3559fc35fdaba6f9f145644fb1b82b38514a4ff243edb2e83063daf4508f39a28ea14e1693cf7e2aff57384d53048ecfcd6f5a1099d009c21b4c31a58b96

  • SSDEEP

    49152:Qoa1taC070dovfPEE10iQNjOqmZjcIStVs:Qoa1taC0P/0iQNF/1tK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4567db3e9856db5a66baba30607fe6ca.exe
    "C:\Users\Admin\AppData\Local\Temp\4567db3e9856db5a66baba30607fe6ca.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\7697.tmp
      "C:\Users\Admin\AppData\Local\Temp\7697.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4567db3e9856db5a66baba30607fe6ca.exe 20FF1CB9604C5ADB9829A8BEC7E1E5CF3124E4C9DACAD1FBA9AADD6345E96382AF7A9761A4BA78EA3FE1E372B3BA1C3687DAE33DE2C851B52B622AE3FAE5FB19
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\7697.tmp
    Filesize

    1.9MB

    MD5

    32292195192a9cd924e82ee0e408d31d

    SHA1

    f98c8a68500b8489a70688547280a40b35b298ad

    SHA256

    916432daff6df83bd3873c0c8d155d146a1dfc1a9ff8712055de502e76465112

    SHA512

    6989209a863990136d438395165ab6a891ba00f5e46a9bda02eee06c6c50d50f9dba046ba55f0a4fc4269f212cf3c4e681f48bcda7b096cc193300edb6a0c9b4

    Download Submit

  • memory/2376-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2692-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download