Overview

overview

7

Static

static

3

500d2520cf...ff.exe

windows7-x64

7

500d2520cf...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    500d2520cfc592b6e29fc1a888aca1ff.exe

  • Size

    1.9MB

  • MD5

    500d2520cfc592b6e29fc1a888aca1ff

  • SHA1

    cab1569b31e9b992326f21ef2e0f6092f9b2ff60

  • SHA256

    22eb9d971a9b778557919c17cb3fd79f7a7287b46867f38c571fe709dda6ca2a

  • SHA512

    496635f4c6a3a13dc73f695fc2ad3b107d63c5c32fdd2310df13e0a16fd298da20d391a527d76234c4f3f9bf93457023ea944a164b48b5e7e21339c7f75bf9a9

  • SSDEEP

    49152:Qoa1taC070d7AImFUvNgsPeURje7E68xcTQfrMDF48xx2NeNN7BbTH0S:Qoa1taC0s6Dgqwd+MfA54rwntbt

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\500d2520cfc592b6e29fc1a888aca1ff.exe
    "C:\Users\Admin\AppData\Local\Temp\500d2520cfc592b6e29fc1a888aca1ff.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\D98.tmp
      "C:\Users\Admin\AppData\Local\Temp\D98.tmp" --splashC:\Users\Admin\AppData\Local\Temp\500d2520cfc592b6e29fc1a888aca1ff.exe 07D875828E114FB611BECFF32C52EEAFE83695A82026EE8580D16948614BD17AE6F4A7BDD4DD1B27B4317153A034F463CE63BE18FF232610BA6FA4D448907A2E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D98.tmp
    Filesize

    18KB

    MD5

    cfa200c5f163135414734680b1cc77d4

    SHA1

    0d4f324d40939a50f326ac5e1c7f1d8f4fa149c6

    SHA256

    25d49b3c50b1fc7b81ca73d8f9f167ac28babd36b30af5b9fcda059bc90d06fa

    SHA512

    2dad4606674f8791d9611d0133110e508b9be53bf10661fddaacd5941b81cc969f1c6d3bf157f26878fa2d24a43c07d42c2df6c1a1621d1a1bf3d1796dfc19ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\D98.tmp
    Filesize

    31KB

    MD5

    1db6e8fd8401023fbeb282032e6e7acb

    SHA1

    45df3563a4edb45ff629d24b14483d7a1d1b979d

    SHA256

    7ff5a8280c654d91bc225c7d8e12a64654d731b981ead018b36cc7dd8e8ab939

    SHA512

    bbabdb6801dc4beb5fdc24acce0cab51e9729655abd869c935aaef023abaff348615799bb63605c2b5bc1e1304a5711eead061f74b2c78b41f7427203ffa8f39

    Download Submit

  • memory/2196-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2236-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download