Overview

overview

7

Static

static

3

5697c2c507...44.exe

windows7-x64

7

5697c2c507...44.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 13:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5697c2c5075fc532f0087b145e4b2444.exe

  • Size

    385KB

  • MD5

    5697c2c5075fc532f0087b145e4b2444

  • SHA1

    6f7a636802128c80724aae70edc864db59a962d5

  • SHA256

    2ee8b61b517e29bce261124cac1c9a5e1606f70bc64831f92a2bc612b04f726e

  • SHA512

    19f4ed5e767286d6a240230c92cceffa63a2bdec95741e8e1ee2d2ea492d44cc10f36c94bc026e41773b4f3b0b36c6f4992c844dba1540d530ce736e6da14f04

  • SSDEEP

    12288:vHL+d5ynt2JqBB8fQpOYLHQxwB9SYTQVY0j3B:PL+PynkIf8fQpOewM9NAYYB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5697c2c5075fc532f0087b145e4b2444.exe
    "C:\Users\Admin\AppData\Local\Temp\5697c2c5075fc532f0087b145e4b2444.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4652
    • C:\Users\Admin\AppData\Local\Temp\5697c2c5075fc532f0087b145e4b2444.exe
      C:\Users\Admin\AppData\Local\Temp\5697c2c5075fc532f0087b145e4b2444.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:380

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5697c2c5075fc532f0087b145e4b2444.exe
          Filesize

          385KB

          MD5

          5d98d001de9343878dd5d16d4fd1d8fb

          SHA1

          6838ef6caa1a07d43e3bedecbe4934a90e86492a

          SHA256

          4b3f19a2dc92e812fff8523a7bf0c6021b96e373ef905a354e5143c24a7fdf44

          SHA512

          6ad7c90e42a7e544e9617ab5c559a78b358813e37c1d6ea9e04b694f372dbae5247a2d2b9d3fbe6dd992b4d64d0aed8385aaa50b697955b9f832bd46949eda53

          Download Submit

        • memory/380-16-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/380-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/380-20-0x0000000001620000-0x000000000167F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/380-14-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/380-32-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/380-37-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/380-38-0x000000000D670000-0x000000000D6AC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4652-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4652-1-0x00000000014D0000-0x0000000001536000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4652-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4652-12-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download