Overview

overview

7

Static

static

3

51e88ef70b...b0.exe

windows7-x64

7

51e88ef70b...b0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    181s
  • max time network
    226s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 23:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51e88ef70be49f4d2d33edb9a146cbb0.exe

  • Size

    82KB

  • MD5

    51e88ef70be49f4d2d33edb9a146cbb0

  • SHA1

    b68f4a9ff8b195b90c1c937bebee004a09412dae

  • SHA256

    0d69b1dc25944306229cbbc162ddd9624ee2492e03d0b2dccfa39b31b062d82f

  • SHA512

    9f4bb7bc258e64a7353c039c4cf17fb8a1be98c0eec181ac8926a765b77ef0973927dbda8223b735862db0cbf6581a5adf6e85f9516ec554039fad4a4f00a7bc

  • SSDEEP

    1536:acBaHEwNCjhZpa/d2VWsFiMRzWMbM/13YfSB852V+dgSsCqFaNgzv:acEv3/8FDYMbM/13Y48524sCqFPv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51e88ef70be49f4d2d33edb9a146cbb0.exe
    "C:\Users\Admin\AppData\Local\Temp\51e88ef70be49f4d2d33edb9a146cbb0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\AppData\Local\Temp\51e88ef70be49f4d2d33edb9a146cbb0.exe
      C:\Users\Admin\AppData\Local\Temp\51e88ef70be49f4d2d33edb9a146cbb0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\51e88ef70be49f4d2d33edb9a146cbb0.exe
    Filesize

    82KB

    MD5

    c0be7d3b8b82a76e9598b30b697abc16

    SHA1

    bbbc20da226d2f7136102b78985e65eec49db95e

    SHA256

    f8587c8934e35410adb7af69b2bc07ffc49581a3b9b66c79d12824b8a6a288eb

    SHA512

    03fd74d744128751d42f325ca9d1f48f484cf1dcf6ee5a8d31a3ad3d90a96fe15d9bf4e4cd7cf52a364647020607d5d5dcabbd17674eed63f8a4df53950e4ba3

    Download Submit

  • memory/3032-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3032-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3032-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3032-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3500-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3500-15-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3500-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3500-23-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

    Download