Overview

overview

7

Static

static

3

4c8aacc007...5e.exe

windows7-x64

7

4c8aacc007...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 21:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4c8aacc00786fb2a5c5523fa7802e65e.exe

  • Size

    4.2MB

  • MD5

    4c8aacc00786fb2a5c5523fa7802e65e

  • SHA1

    ecf0c194069cd00608af27a68def3276b59499a2

  • SHA256

    a7010ae73f73ccf766491be6b474481da31cadf131b92a83069b0b611fec81da

  • SHA512

    49a479dac23ec16d5ff4e1195b8e34ee8f48ae46be6038cc8b7d306329ab621e9fe7560940a1818335ccdb49bb3aab6e02c07e4d7e6f7b30f20cd0bc3c98c0f2

  • SSDEEP

    98304:emhd1UryeviswYF+VLUjH5oxFbxCVLUjH5oxFbx:elPiVC+VUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe
    "C:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\1D70.tmp
      "C:\Users\Admin\AppData\Local\Temp\1D70.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe E5AE37A4547C4DBB387EAC664CD54070EB16CDB63969E286C8C06D847D1780383CD46237358CE43CA400E450F88BD97ECBE0FE606669E31253008EE610043BC9
      2⤵
      • Executes dropped EXE
      PID:2196

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1D70.tmp
          Filesize

          785KB

          MD5

          b4f4a8550e00c6c3f2631599b28f869c

          SHA1

          9ed4cb8bcc01251d58a6af7cdea5a7d3bf5faef6

          SHA256

          b13cf94deea3bfdc4bbe7fb5c466e59ad6a8571928af1534d9a0bfd763390ca3

          SHA512

          b064d0e421f6d4f8d0e5c495d11a127a9804c7fdf537c5a4bb9a97b1cf1f41ca378ef4190b6272218560e68a1d48b0a8c92bdd5a2b7cf84c4ccb40a799068d01

          Download Submit

        • \Users\Admin\AppData\Local\Temp\1D70.tmp
          Filesize

          705KB

          MD5

          9962abe0096faeb51a85c0500e3efe86

          SHA1

          30670347740374f38dfc5f307836ddb4559e0366

          SHA256

          52f25e802f95005d8a35556d95065670c0d5ed41fd7bee75dd7cdf76bae1ea3d

          SHA512

          ef98bd52f0f869b31b6f52b4f2c3f2c00ff61104ddea95f02b4a5b6580f4ddf76e06a1005ee46661025d752af6e0809b688cbd4058596138bb8089225b32225c

          Download Submit

        • memory/2196-6-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2252-0-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download