Overview

overview

7

Static

static

3

599e0f0f6b...2b.exe

windows7-x64

7

599e0f0f6b...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2024, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    599e0f0f6b8edda28468b6fc6b785e2b.exe

  • Size

    1.9MB

  • MD5

    599e0f0f6b8edda28468b6fc6b785e2b

  • SHA1

    231fc9a21b012a320b0bb6ef9b3b65f54f42d062

  • SHA256

    f2a8f84768bc76a3468607444dc4aaf6298763fff6e6936b07298635cf21c036

  • SHA512

    7ce9fdc2246b6f493473fd5459f11fb47ae083b3b636363fb3d2b50c9621101cb0f0ea31971f39aa5374aa0cc9509cab199c4a906dd2da315a8ebd9635b9b913

  • SSDEEP

    49152:Qoa1taC070dNpVer6Ur23gTcP3jw03Vpk1P1DsYHO:Qoa1taC0y726023C5VPpsYu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\599e0f0f6b8edda28468b6fc6b785e2b.exe
    "C:\Users\Admin\AppData\Local\Temp\599e0f0f6b8edda28468b6fc6b785e2b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Users\Admin\AppData\Local\Temp\84FF.tmp
      "C:\Users\Admin\AppData\Local\Temp\84FF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\599e0f0f6b8edda28468b6fc6b785e2b.exe 935432D0FFC192232D0478C244103F0B5B1D9346D883BDDBFD878FC57819C381010AF21E7F14323B37275A2558148B7ADA644AF1ECD37DD0BAA973864B1A2311
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\84FF.tmp
    Filesize

    1.9MB

    MD5

    7569d4347f57125aba7a35f6a0c47e02

    SHA1

    e835252f2968ffb7398a8a32bdb32aa371ccd94b

    SHA256

    d899314461dd6433337070d61178265ae7cd47c7d598c96f2a7eb376a55b15e8

    SHA512

    f9a0e7cd5911655636571e4020b4cc98238a17a135b2333b6bfcf9803d41016be81396ded66554eaaf1d6212ad88ee492f2fcd157b172c4b12bbf09804b300c2

    Download Submit

  • memory/1484-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2096-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download