Overview

overview

7

Static

static

3

4db1b5a3dd...55.exe

windows7-x64

7

4db1b5a3dd...55.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 07:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4db1b5a3dd56bd6087c3f32a4cc47d55.exe

  • Size

    82KB

  • MD5

    4db1b5a3dd56bd6087c3f32a4cc47d55

  • SHA1

    4805dd528a8eb10263eb3f4cab76f349f6282445

  • SHA256

    4b6ccdf6d8335b0cf100ff58a391e3e128e9d5741467afde47e863dabd347f66

  • SHA512

    8b8a7c60d086d06278975436de75b623953daf6f171d60c5b2dff1f99456bc4d9d95ea4699b44b5effbe5b873a645d89fe82fe86a1d33bbead2b3caba7954e72

  • SSDEEP

    1536:w43+PWpySv+rn5+whCxiIKM7oIDzy/F0tvseftM37ggJX3R8doJ9/6WKS:33+u8zL5+9xVfD7tEefkfR8KQWKS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4db1b5a3dd56bd6087c3f32a4cc47d55.exe
    "C:\Users\Admin\AppData\Local\Temp\4db1b5a3dd56bd6087c3f32a4cc47d55.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Users\Admin\AppData\Local\Temp\4db1b5a3dd56bd6087c3f32a4cc47d55.exe
      C:\Users\Admin\AppData\Local\Temp\4db1b5a3dd56bd6087c3f32a4cc47d55.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2140

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\4db1b5a3dd56bd6087c3f32a4cc47d55.exe
          Filesize

          82KB

          MD5

          5421b727d3d89ba56a295bed18953cf5

          SHA1

          25635c89f87158b55eab1c694c01db26b077aba7

          SHA256

          0f8d2df8a596999186a4acea466a2d895693c44c2def820c69d88efb1a2e3689

          SHA512

          29f67fd1f7f9319455d742b1f0f8f19560246d03b756519df7c5896fc3af6c9a415107f96a4cfc8db934100ceb7c902f4e14990c5fd75bd671500779ccffb64a

          Download Submit

        • memory/2140-17-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2140-18-0x00000000000D0000-0x00000000000FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2140-24-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2140-29-0x00000000001B0000-0x00000000001CB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3004-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3004-2-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3004-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3004-15-0x0000000000190000-0x00000000001BF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3004-14-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download