Overview

overview

7

Static

static

3

4c8aacc007...5e.exe

windows7-x64

7

4c8aacc007...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 02:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4c8aacc00786fb2a5c5523fa7802e65e.exe

  • Size

    4.2MB

  • MD5

    4c8aacc00786fb2a5c5523fa7802e65e

  • SHA1

    ecf0c194069cd00608af27a68def3276b59499a2

  • SHA256

    a7010ae73f73ccf766491be6b474481da31cadf131b92a83069b0b611fec81da

  • SHA512

    49a479dac23ec16d5ff4e1195b8e34ee8f48ae46be6038cc8b7d306329ab621e9fe7560940a1818335ccdb49bb3aab6e02c07e4d7e6f7b30f20cd0bc3c98c0f2

  • SSDEEP

    98304:emhd1UryeviswYF+VLUjH5oxFbxCVLUjH5oxFbx:elPiVC+VUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe
    "C:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Users\Admin\AppData\Local\Temp\1AD1.tmp
      "C:\Users\Admin\AppData\Local\Temp\1AD1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe BA60AAE76C8B041D61E66B760525809D9E377C3D9BAC155196A82C4A7F69F1A0E0C0B8A2B82CD1CBC69C5322DF1E84A4A6742FEF89607C83210DCEA011CABCA2
      2⤵
      • Executes dropped EXE
      PID:2460

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1AD1.tmp
          Filesize

          415KB

          MD5

          17f78e9674076e998bd4f3b2277c31ee

          SHA1

          6ec902617e2ce7ccf818d2ac25bbb2227fa962b6

          SHA256

          259e6c23258cca93e377c79a23b109fc12c13e1f48cd69995640570f79942037

          SHA512

          11c362e0b05828f27fc80a3a8d1623ab2f53efce9f36e8b23ee56d57c445a9e9132a1d159b078cdd241911bea8e6e7ee32977ff49747ce1dff4a5628dca642ec

          Download Submit

        • \Users\Admin\AppData\Local\Temp\1AD1.tmp
          Filesize

          419KB

          MD5

          e7a1ad983d4b8d94bad731db5073a8e4

          SHA1

          7647b116f287677012ad7aaf570883933d7da95d

          SHA256

          b17ae05851ced3e0ba3d1ed2e90427b37c7f3ca55ddc6f18f59b85c89cea0674

          SHA512

          aab6f979ce1d5bd3c25f226772ed0498edc4803dc3c1845ad67259589f5c969e638e5a6ef4f4b46b5da4ee07c1643418f1c58ff6c3968acac117836cff7446a6

          Download Submit

        • memory/1776-0-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2460-6-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download