Overview

overview

7

Static

static

3

571d54d38a...15.exe

windows7-x64

7

571d54d38a...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2024 17:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    571d54d38aa36a408013480482bdb415.exe

  • Size

    1.9MB

  • MD5

    571d54d38aa36a408013480482bdb415

  • SHA1

    74b6330a61ad886dcd2381f6306e0077335308ea

  • SHA256

    a7d80591b9edcf6761036b3102c233273b8745188ecfc57967e0447ef2c35a54

  • SHA512

    a584b1a0a3a9c1349d38d95ec9501b66bbda14f6de4d0dabcd59b11117965e4cc991168b54c1dc1fee7e079891c0b8ef5034f94ad0a36f18bb12196866b08ad4

  • SSDEEP

    49152:Qoa1taC070dPIIlpqn8yUqw9aUVEGJv8wUon2XF06v3v:Qoa1taC0s9Tq8h9a5mvzUdXFDf

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\571d54d38aa36a408013480482bdb415.exe
    "C:\Users\Admin\AppData\Local\Temp\571d54d38aa36a408013480482bdb415.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Users\Admin\AppData\Local\Temp\4F1A.tmp
      "C:\Users\Admin\AppData\Local\Temp\4F1A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\571d54d38aa36a408013480482bdb415.exe B5F3177164DA76D28B8440A1C3D45B2D8090BDD8DF69744AF54ADB93A021CE1D849A93DAEC5E3263300955F0C5002FFEFD0ACE5569F06696CBF6EB9DE3981826
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4F1A.tmp
    Filesize

    1.9MB

    MD5

    6ed9ce000ddadba1c2eff67d80cb06b4

    SHA1

    91fca3b30b584c3f8c742909ab4c831b31e075e5

    SHA256

    9698a02926defdf60b01016779c1d88a6c1aec5363e01bc4a75cf84cfbe82129

    SHA512

    92faff3e9c8733a7d90c0b2f2be01fedab78e49ae6b7549ee0ffbaca1883965adf170119703c8384d466be81bf2aa577c78f7983094d5c846a9775e7eab39a93

    Download Submit

  • memory/864-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2756-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download