Overview

overview

7

Static

static

3

4c8aacc007...5e.exe

windows7-x64

7

4c8aacc007...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 02:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4c8aacc00786fb2a5c5523fa7802e65e.exe

  • Size

    4.2MB

  • MD5

    4c8aacc00786fb2a5c5523fa7802e65e

  • SHA1

    ecf0c194069cd00608af27a68def3276b59499a2

  • SHA256

    a7010ae73f73ccf766491be6b474481da31cadf131b92a83069b0b611fec81da

  • SHA512

    49a479dac23ec16d5ff4e1195b8e34ee8f48ae46be6038cc8b7d306329ab621e9fe7560940a1818335ccdb49bb3aab6e02c07e4d7e6f7b30f20cd0bc3c98c0f2

  • SSDEEP

    98304:emhd1UryeviswYF+VLUjH5oxFbxCVLUjH5oxFbx:elPiVC+VUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe
    "C:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Users\Admin\AppData\Local\Temp\56EA.tmp
      "C:\Users\Admin\AppData\Local\Temp\56EA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4c8aacc00786fb2a5c5523fa7802e65e.exe AACC45DB6243E02E3A5B8F6F19E61FA4437D8D311A5E9E98E731CE57BAA5E09CBEEAAFA27287502338D1A55E6AA204708D4C6CBD2F3C782D897EA78A93731F37
      2⤵
      • Executes dropped EXE
      PID:3216

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\56EA.tmp
          Filesize

          57KB

          MD5

          d28304031448bb3af9b18323cecfb92d

          SHA1

          605c305073b78f3b5fd412e6fa6d41f64e494938

          SHA256

          23b8d0bf829b4e5aca0e4b2c771430c68c9b20a65d7e3e4cf3fa9756f7b8fc7d

          SHA512

          12ab8e42eac393788d61c14df4f50d7e6b3f8d89493e8edcbe0d3cbfcddf193001c800628e82255dc7454d797d0665164ef23e3c43876c70e7cb357f5fd8473e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\56EA.tmp
          Filesize

          42KB

          MD5

          e8b33e56a5faefadd9f43bc27338304c

          SHA1

          5b02e9e76fa0857039ac4b81561a8424ecde39f9

          SHA256

          623d66ffaea75956e8d14fa9e3e01c6f523f66591d93157707ba9e0151d69308

          SHA512

          27e843f4ae5d628db5c52ed15e9373790c5887da2d2fc7d599dbf00708297b4b1b208babc45c14c8840a51fd10f008104cf4ad808e46d6b2a48ed5a06b09289b

          Download Submit

        • memory/1596-0-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/3216-5-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download