Overview

overview

7

Static

static

3

2cc5ee2e61...87.exe

windows7-x64

7

2cc5ee2e61...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 14:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.exe

  • Size

    1.6MB

  • MD5

    91c5af7263e276a9b546a025cdb859f4

  • SHA1

    91191f32689fd2305f35e7446c436aa024c22366

  • SHA256

    2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987

  • SHA512

    8b14acae2c90d78fb75bf583b4a23b5654e1ea7b0397cf23212aed1aa904ed5291def577f596c80222cf111c55706fab6a4f6613d0dcd36d2b149ea9229f05f0

  • SSDEEP

    24576:s7FUDowAyrTVE3U5F/vj2BKic6QL3E2vVsjECUAQT45deRV9Rf:sBuZrEUf2BKIy029s4C1eH9h

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.exe
    "C:\Users\Admin\AppData\Local\Temp\2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Local\Temp\is-NF2PR.tmp\2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NF2PR.tmp\2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.tmp" /SL5="$17014E,832512,832512,C:\Users\Admin\AppData\Local\Temp\2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1364

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\is-NF2PR.tmp\2cc5ee2e619d160483b340a2267bc37660022063f503d5531c3b554183d89987.tmp
          Filesize

          3.1MB

          MD5

          46de33576473eb3af2679bd226bd20ef

          SHA1

          aab839c255dc13b7eed67d3eae9d44bb36c39341

          SHA256

          ad562d2553a228080e9148bf5dc80f3305e6b963d7dc102165854c86e6715a51

          SHA512

          edce4e0ae3c670300490cad41260397a919806c8bc85f67c943697bd0357b113dc11a17aad8902b0b12678422db52297293b2a87298ba2bb0261bce93f772f8c

          Download Submit

        • memory/1364-8-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1364-11-0x0000000000400000-0x000000000071C000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/1364-14-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2972-1-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/2972-10-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download