Overview

overview

7

Static

static

3

51802a6493...b9.exe

windows7-x64

7

51802a6493...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51802a649373409e1021303b07040cb9.exe

  • Size

    82KB

  • MD5

    51802a649373409e1021303b07040cb9

  • SHA1

    b46120924756bf92e5d42952ac765ddd14686d36

  • SHA256

    da4f6042e4e431d94f0f10a6c641f1385aea53c975be3169d335b90a87af3620

  • SHA512

    1ea86b0910b6ba270af2b749746b380b7fad5689c0b554f63df8481362c894c92e109b28163a16cfafcba77fcf968dda3c952a07881007ec0624ebf29b53bdf4

  • SSDEEP

    1536:ifTCyJF07jpS/biBiBfHY/O6+QyTLuGFh/VTosyaDbaW3yrZGc/uHD:iuyL07VxBiBPY/Otjuwh/VTosVXaWCr4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51802a649373409e1021303b07040cb9.exe
    "C:\Users\Admin\AppData\Local\Temp\51802a649373409e1021303b07040cb9.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4640
    • C:\Users\Admin\AppData\Local\Temp\51802a649373409e1021303b07040cb9.exe
      C:\Users\Admin\AppData\Local\Temp\51802a649373409e1021303b07040cb9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\51802a649373409e1021303b07040cb9.exe
    Filesize

    82KB

    MD5

    67bb65d436f86ddf3aca09745c232796

    SHA1

    d7a204b800fbafd22a4ff5e72b6b4760c4a17d0d

    SHA256

    ca420b34246cc1873266992c38ede077beef25e5b326d4e4044a48b5b535b65d

    SHA512

    90ecb76753ba9f2d8ee41bc848e2c756702a8608bba5bd83935962812248f8a9fd8164dbda9f6aa91e76971b1461988fa51437aa50c50e3abae25617e40b596d

    Download Submit

  • memory/3116-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3116-25-0x00000000014A0000-0x00000000014BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3116-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3116-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4640-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4640-1-0x0000000001430000-0x000000000145F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4640-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4640-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download