Overview

overview

7

Static

static

3

47a22e2ea1...09.exe

windows7-x64

7

47a22e2ea1...09.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47a22e2ea168fa1011ac5ecbb737ce09.exe

  • Size

    82KB

  • MD5

    47a22e2ea168fa1011ac5ecbb737ce09

  • SHA1

    92d758e9e9907a43c6a68fc57e238c8af9385954

  • SHA256

    9a4fe0683e02b1c9094ca08b8763b479cb9142e5d3b383a4a7f7fa1345f26c41

  • SHA512

    5ac9b498012d0c197740ea8d95b77034aa7691a2e82752ab491696dd196e953dc66435df9215788121e0e6b37900b986a1949ed7d74868a1217c82d0ccf7dd23

  • SSDEEP

    1536:y3e565gHWI0Pw20Qh+sYhJyhR/p7MgJqT9J3SZgdvja/On/:me565pI0DN+sYCxt69d3lja/k/

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47a22e2ea168fa1011ac5ecbb737ce09.exe
    "C:\Users\Admin\AppData\Local\Temp\47a22e2ea168fa1011ac5ecbb737ce09.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\Temp\47a22e2ea168fa1011ac5ecbb737ce09.exe
      C:\Users\Admin\AppData\Local\Temp\47a22e2ea168fa1011ac5ecbb737ce09.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\47a22e2ea168fa1011ac5ecbb737ce09.exe
    Filesize

    82KB

    MD5

    4c2160723d91fba94232e19639c877ee

    SHA1

    2fde9ba2b76e2b5ee6fdda6bbb4c43206971cb49

    SHA256

    6cffdeacafd441000619894e75162e6bfe4a1bc8d39a005a72a744399f5ff8ac

    SHA512

    ac398ffedd70eef266e597ddabdb781e4ba0dce1a1bd5ec6c2bfc89010181a2c524264b872c7366a691839962c96b50141de9b6e1025b77c4f74cba2c2583b54

    Download Submit

  • memory/1312-17-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1312-20-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1312-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1312-25-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2288-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2288-3-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2288-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2288-15-0x0000000000190000-0x00000000001BF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2288-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download