Overview

overview

7

Static

static

3

4567db3e98...ca.exe

windows7-x64

7

4567db3e98...ca.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 05:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4567db3e9856db5a66baba30607fe6ca.exe

  • Size

    1.9MB

  • MD5

    4567db3e9856db5a66baba30607fe6ca

  • SHA1

    ced11eb19a3c47ef8e5ab304596535675945c0b4

  • SHA256

    51b851f01ca96c59efc9849dabbc7ff599502bcacf37a04cea50456843a52fcb

  • SHA512

    cf0b3559fc35fdaba6f9f145644fb1b82b38514a4ff243edb2e83063daf4508f39a28ea14e1693cf7e2aff57384d53048ecfcd6f5a1099d009c21b4c31a58b96

  • SSDEEP

    49152:Qoa1taC070dovfPEE10iQNjOqmZjcIStVs:Qoa1taC0P/0iQNF/1tK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4567db3e9856db5a66baba30607fe6ca.exe
    "C:\Users\Admin\AppData\Local\Temp\4567db3e9856db5a66baba30607fe6ca.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3716
    • C:\Users\Admin\AppData\Local\Temp\A519.tmp
      "C:\Users\Admin\AppData\Local\Temp\A519.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4567db3e9856db5a66baba30607fe6ca.exe 4E7A0AA7BD4FE8495CE5FECFCCD446A4C1085DD575F2BEA7B768B41C649B4EDD57E8F7A6C78F708A362532F538003FEF348B2E67CE42FC5C124218FB064F8BFC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A519.tmp
    Filesize

    214KB

    MD5

    85c3ecfa8f94a780b7c2d3981f57507d

    SHA1

    7a6902936127933ebdb2cbabe9619a4948138d20

    SHA256

    d956c8af546a70be9346bc6963fbdb34b1ba99a017e245d51500a42f42833415

    SHA512

    7ebcbd892d9bd48f4438fea7c570e7fcc2cb2e3e4b73998b4f61a46c40ca232c03c9272afeb134a5b6b971b31a870d2ad0594a7c62f7dc530d9f9d119af26100

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\A519.tmp
    Filesize

    264KB

    MD5

    d7a99a264f32df4a8d6117d3ad6f7040

    SHA1

    14edd4bd2af0607b3dab3030e431a229c4bae416

    SHA256

    97a0dcc3dd2bdf0e0cfd960c81f039c8bae48b35fe4cef21171d483d3b0d7d04

    SHA512

    75f2e333861d25bf1b7a2e8892f3b280a893de1e4cb7dba9de527cea6826bc0fe6783ca0b879c8a2ee5a221aeaeb7267a7ae8631bfbde9eef0d2deee896d4b75

    Download Submit

  • memory/2916-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3716-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download