Overview

overview

7

Static

static

3

4a8d7c6a91...fe.exe

windows7-x64

7

4a8d7c6a91...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a8d7c6a9164f2002f78bd14712b4bfe.exe

  • Size

    4.2MB

  • MD5

    4a8d7c6a9164f2002f78bd14712b4bfe

  • SHA1

    3050d7b51ec1146b4f6f693051e616083ea2ec1d

  • SHA256

    2a127692c3ef4e0757a9673bc9e6ebd06e5852120cb82fb7821e9081a581047b

  • SHA512

    9305133a9215e59e7092ecbc500889485b63a67d477ac600b52a9c0d70d576a534ec5b1ffe08e8a04aa1142e180403390d053d85ebf30c2288f169ee9d8724df

  • SSDEEP

    98304:emhd1UryeDsrNHtE1vkhN05YVF6VLUjH5oxFbxCVLUjH5oxFbx:elqtskhe5YqVUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a8d7c6a9164f2002f78bd14712b4bfe.exe
    "C:\Users\Admin\AppData\Local\Temp\4a8d7c6a9164f2002f78bd14712b4bfe.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Users\Admin\AppData\Local\Temp\5CEF.tmp
      "C:\Users\Admin\AppData\Local\Temp\5CEF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a8d7c6a9164f2002f78bd14712b4bfe.exe F54A4F1A7C35DF62F4F13D2EB1D83D8488647C96175513FEA626F2B23CB30D49CC454443373E683A920582A0DE4AD5AFEBA4772B2343E8DFDD15E44FA82DBC89
      2⤵
      • Executes dropped EXE
      PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5CEF.tmp
    Filesize

    930KB

    MD5

    413da981ef9e7799191e7bcf2a8be926

    SHA1

    d1fa9bb200bfa57b6d619f17e2619a5c6e291454

    SHA256

    443ed9ae56d0bc8e1a7cd55983ca3d08cb0ee9e4453e6955dfe48d4fbe195c62

    SHA512

    1cb82e20b2edccdf0266c817d392dff7cd2df7d96ab5851d517556db8948368555172a2f64f3ea2e97caba761498778a6f73d5d1d52ecd559c0f83fc71ca8f54

    Download Submit

  • \Users\Admin\AppData\Local\Temp\5CEF.tmp
    Filesize

    1.1MB

    MD5

    9f519af25d4c6472a78c9709009f5e66

    SHA1

    6547faa0af233ee980fc39f0f1aeee153af599b6

    SHA256

    07b63fd90942d4625c6908d2064623eec8879c6fba93fe2a3fcc15fb888794c0

    SHA512

    53a446ae81e702fe3c5514354e642efad32200147796f62ff6c64d24e2ffbbc2ccfc08b98ade40fa7e65a19f7ce12e2a05b2309122a8c800d07878ba907d76e5

    Download Submit

  • memory/1516-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1900-6-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download