Overview

overview

7

Static

static

3

5568db4fe9...1c.exe

windows7-x64

7

5568db4fe9...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 03:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5568db4fe94ac1c7778136f1f921771c.exe

  • Size

    105KB

  • MD5

    5568db4fe94ac1c7778136f1f921771c

  • SHA1

    7771424c8d9131df0ea802b66852f8e203542ac1

  • SHA256

    dfa01e02faae2e488a2bbae3558a7f4b5a2eae772e442efbb348732bed63c048

  • SHA512

    0263d4d0e66ad18253fe5625d0bb8412c9daaaf46a45ebaaf1e2c2b1ea601c15a5c7a23b1c5f321da4bf4702c88cfe894c98dc8c236b88de1cf09985be5113e9

  • SSDEEP

    3072:DfpY2usc7KgUZdDI6QU13QRlD7xzEpW9i:LpYEWKgU7DIO1gRlWY4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5568db4fe94ac1c7778136f1f921771c.exe
    "C:\Users\Admin\AppData\Local\Temp\5568db4fe94ac1c7778136f1f921771c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\5568db4fe94ac1c7778136f1f921771c.exe
      C:\Users\Admin\AppData\Local\Temp\5568db4fe94ac1c7778136f1f921771c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5084

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5568db4fe94ac1c7778136f1f921771c.exe
          Filesize

          105KB

          MD5

          2d39a122b3e6c498a211e3ca783b2928

          SHA1

          0809251210a2a83dddc3ff1b8bb90f3c4da2af2d

          SHA256

          2f9c309520577a8babfff3caef611501939022c5bad57836d515b80c9a6952fe

          SHA512

          057a826eac4337b9e247a9466bc409ceece743fdb3570806e6d7aa11270ba3747dcf74dcd3a38ff9b96da0e6db941ab8fb9c7200cb2707be8ec8a07493dab7c5

          Download Submit

        • memory/2672-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2672-1-0x00000000000F0000-0x000000000011F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2672-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2672-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/5084-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/5084-16-0x00000000000E0000-0x000000000010F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/5084-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/5084-25-0x0000000004DB0000-0x0000000004DCB000-memory.dmp

          Filesize

          108KB

          Download