Overview

overview

7

Static

static

3

575bfc8092...12.exe

windows7-x64

7

575bfc8092...12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 19:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    575bfc8092b1b50d958c4a8468c44212.exe

  • Size

    57KB

  • MD5

    575bfc8092b1b50d958c4a8468c44212

  • SHA1

    e7d2cef7e19f85999add3a3f652226b519104d54

  • SHA256

    c8ea34762da02838fa90509c152e65ffa2dcfe66ba12d114f4f6b8049d4eb91a

  • SHA512

    8dbfc2d0ce5d59b1af0babe54d0b3901fb82ece148ecc31978e6af76f4b3aa83b3f1257f1db5825186189b9d58ed77b7d15c107dec5d1f8351f33e44d50261f5

  • SSDEEP

    1536:AfXYVM/xmn0mzxJGyPdvHpns0C2yRVaFEu2B6Y:AfVD2xJvPdfpHRyRcFev

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\575bfc8092b1b50d958c4a8468c44212.exe
    "C:\Users\Admin\AppData\Local\Temp\575bfc8092b1b50d958c4a8468c44212.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3960
    • C:\Users\Admin\AppData\Local\Temp\575bfc8092b1b50d958c4a8468c44212.exe
      C:\Users\Admin\AppData\Local\Temp\575bfc8092b1b50d958c4a8468c44212.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4588

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\575bfc8092b1b50d958c4a8468c44212.exe
          Filesize

          57KB

          MD5

          ca86568d90bbf03f65883edacce9b2c2

          SHA1

          3de2fd71591330863f11ccdda4bad8afb6743afb

          SHA256

          792c8bd874e3a0ed2ae2f0f84f6746fd966117de5eb90ae7364f96a99edd05bb

          SHA512

          2b9edea01d7d96b2bf8545d530c5213910dcdd521a54673042ebec0c7f6c1366bd2333c853df87e39fd870c65dad8af240109af3119555f05677d25137843485

          Download Submit

        • memory/3960-0-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/3960-1-0x00000000001B0000-0x00000000001DC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/3960-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3960-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4588-13-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/4588-14-0x0000000000190000-0x00000000001BC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/4588-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4588-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4588-23-0x00000000014D0000-0x00000000014EB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4588-26-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download