Overview

overview

7

Static

static

3

4b8d73eb61...e3.exe

windows7-x64

7

4b8d73eb61...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2024 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b8d73eb611cbedb3f9bb17c9d6001e3.exe

  • Size

    94KB

  • MD5

    4b8d73eb611cbedb3f9bb17c9d6001e3

  • SHA1

    d89cc90b30adaaa9023a96459f6ac22d1f3d273a

  • SHA256

    c5c894100e8b216c7e7a04e4ce31572a3f5ca65e6d79c2ee1d23daf64a0db7d5

  • SHA512

    1098ce19b68153c135a34ab818c59a956505d53174fc0f7e709894496e87c713727c2fbb94dbdaa404e03a391e71ec905e54c788c691c7dc1ff991c4a7409dc2

  • SSDEEP

    1536:Y7LLJnEIdGY16Vlqy936E/rKChIKFZWR3cKZIjXa2Tl4m+:mJEhVlqOKEmCh/DKcS2OT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b8d73eb611cbedb3f9bb17c9d6001e3.exe
    "C:\Users\Admin\AppData\Local\Temp\4b8d73eb611cbedb3f9bb17c9d6001e3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Jlf..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Jlf..bat
    Filesize

    210B

    MD5

    76421c88fe293f29e53e1925b01be885

    SHA1

    c11e7b792cb705428099fad8a1857551e194f63c

    SHA256

    17b0107ddb28e55ac71e30d7cc03dbd4b885f5a46b24e4ff823dd08409e68fe1

    SHA512

    8e6c89e3e125018a956e97bbf3a66ef7d7aed13338789eae6c2a46d710d82b5d3f5eadfa6210c0a1e4bd1081172fac2e9ea17a13c0d533cfd486d14bc4d0e105

    Download Submit

  • memory/2832-0-0x0000000000290000-0x00000000002BD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2832-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2832-3-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2832-4-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download