Overview

overview

7

Static

static

3

5449802632...f1.exe

windows7-x64

7

5449802632...f1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 18:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54498026323cc5d3796146ca44eeb4f1.exe

  • Size

    1.9MB

  • MD5

    54498026323cc5d3796146ca44eeb4f1

  • SHA1

    3e3dad19de387880b4638a906b5332efa3ae6004

  • SHA256

    456d61526ca8465e5a8a2dc91a8005ada6be25fa2a23a988f2c4856640ebe613

  • SHA512

    8674c4af855084fe7019a4b7598c93d1002343fd25601aec4557389e4b417d13d37cfd0d7d248d80cad99ef776d179d6a1f836ccf1651aa63ae380a8e7f0b312

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dXhYmgAEq00IpLtaFwNxwsro1cDCF9oeMsOo0:Qoa1taC070dXhYJEI4wksMxQsOc+dLJ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54498026323cc5d3796146ca44eeb4f1.exe
    "C:\Users\Admin\AppData\Local\Temp\54498026323cc5d3796146ca44eeb4f1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\518B.tmp
      "C:\Users\Admin\AppData\Local\Temp\518B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\54498026323cc5d3796146ca44eeb4f1.exe 728D0A54A3F0219B29800DEEEA4D9188D32103D09A2A9D445C334DAB98E479990775B40A598AA19FA58EF0EDAAD639441B54549C26E4B665040DBEA467CE7CA9
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\518B.tmp
    Filesize

    647KB

    MD5

    3f72b25be0c1c2447a746981f2670136

    SHA1

    7d696c242c3eb6d5cb4318cec43a684c5ccfd3bc

    SHA256

    f91f3abcdf2361d938c041a78f86f8f671d4d759b2686b826d062269448c8f6a

    SHA512

    2106dce29f01486f44afa8d11c12e0c5a8512d87aa47bfaf633715217a90d171e10b92012258bd30dcc4c8c0476b3b770e79b1c03c74624d195253c8039542d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\518B.tmp
    Filesize

    614KB

    MD5

    d07bd5e1f551032e76283ce11de0911b

    SHA1

    baa927f7d63bfd0063808ee4794ca29d1cb8ca11

    SHA256

    7323d660552cb5c5a6147202db5f917e2c8cde4d8cefe1692dece0040630598d

    SHA512

    0b88077e801d17d6bc16c824cd5b5660553580e383396f57be554021366d1789fc3e3a6b4ad1eabd9676ab8e6107e46f16917e18b19f00bc48244c83bc04d198

    Download Submit

  • memory/2828-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3172-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download