Overview

overview

7

Static

static

3

53f4be8f23...4b.exe

windows7-x64

7

53f4be8f23...4b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 16:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53f4be8f2395999af67a5a67d634c84b.exe

  • Size

    81KB

  • MD5

    53f4be8f2395999af67a5a67d634c84b

  • SHA1

    9dc7aaf422970cbdfe926a1a0e2edd0d50b1c572

  • SHA256

    848bc546d96d50dfb98bac6b81bdc5a2ff99c3e43b20ec8cade1b365f8ee416a

  • SHA512

    0f7a4782264f9853b27ce1e1f4772e610291c86bf2cb6d94d6f2340d8c3257e2ebcbd4fbe1cc47c3f2b21b0710a37d2ea2477df12b50e16a1f4860275754cdcc

  • SSDEEP

    1536:DNu2rORchMRO8GzCVOROvHgOksd16Azn5E/9:DNDiPRwz0HgOksd0+I

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53f4be8f2395999af67a5a67d634c84b.exe
    "C:\Users\Admin\AppData\Local\Temp\53f4be8f2395999af67a5a67d634c84b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3832
    • C:\Users\Admin\AppData\Local\Temp\53f4be8f2395999af67a5a67d634c84b.exe
      C:\Users\Admin\AppData\Local\Temp\53f4be8f2395999af67a5a67d634c84b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\53f4be8f2395999af67a5a67d634c84b.exe
    Filesize

    81KB

    MD5

    9fa103ade903b18f931a81ebfb027158

    SHA1

    f37ca1498c1c44786653cd2cd69cdaae8a3a7f69

    SHA256

    cccfb283333f5e8145d352322aa9dfb7691cdae2554a28e4ddd172892e2c1061

    SHA512

    c1c29c740bcf05f2df1679de6e7fc66e2ec353583412bb6a231b6e60a45c752f6a485cc82c4ff756b67a3311cc7857162903ebf6d7520386ce20c3f03fd35bf3

    Download Submit

  • memory/3092-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3092-15-0x00000000001B0000-0x00000000001DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3092-20-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3092-26-0x00000000014E0000-0x00000000014FC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3092-27-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3832-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3832-1-0x00000000001D0000-0x00000000001FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3832-2-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3832-12-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download