Overview

overview

7

Static

static

3

4a11e97f37...06.exe

windows7-x64

7

4a11e97f37...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 23:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4a11e97f37a27c92a5e3e1ff28323906.exe

  • Size

    1.9MB

  • MD5

    4a11e97f37a27c92a5e3e1ff28323906

  • SHA1

    84b593264bb23274f9ac9a9776abf439487e6da4

  • SHA256

    54ecd1e0b56fb0ff6598a9be5611d4d7b3a60deb434bdc793afbe9665a48cd83

  • SHA512

    a6942f56662275c6be0ac54375404fc25a2a807e769ee1d16a30c6eace1d96e8152b5929b6dedcdcaaa0639f37f4498e47cb5a59fc676c3314319fd4412397b9

  • SSDEEP

    49152:Qoa1taC070drhK2hAZa/75eEeZAczXIS9bg:Qoa1taC0OhR+6deEeZAkXIn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a11e97f37a27c92a5e3e1ff28323906.exe
    "C:\Users\Admin\AppData\Local\Temp\4a11e97f37a27c92a5e3e1ff28323906.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4060
    • C:\Users\Admin\AppData\Local\Temp\8A3E.tmp
      "C:\Users\Admin\AppData\Local\Temp\8A3E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a11e97f37a27c92a5e3e1ff28323906.exe 190D8C86F450414172D32F0F76A8E5AF422C25A577DBDBE183F1A9528573A18D0446C012025332CEC4FF8126C5FC2F65F694BCB1C1814859C82272164003184E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:748

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8A3E.tmp
          Filesize

          1.9MB

          MD5

          4d443251c4a32134f8fa06630600c899

          SHA1

          83998eb274ad82bc3452a30fc835211d148ed9cd

          SHA256

          008e84602643a79bc3ed7706b649cf98a32461d0adecaeb7b10a5ac1cd59e8f9

          SHA512

          53f1fe987bf99d40b801695df97724535d4541874383c04513cd58072a73d71d76c8f2f32997b5e782285cb0d0a19fde06a8bb6ff53d2564427a9cd7567afdce

          Download Submit

        • memory/748-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4060-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download