Overview

overview

7

Static

static

3

577a36d67a...aa.exe

windows7-x64

7

577a36d67a...aa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2024, 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    577a36d67a71d92a01366eea0423bbaa.exe

  • Size

    1.9MB

  • MD5

    577a36d67a71d92a01366eea0423bbaa

  • SHA1

    d65186f9058c3f37738789e7a15fb387a3d7b177

  • SHA256

    fef15561ed4ba7bac7ec64f6647017b68c6d25e65a502a5be9371b39412a38e2

  • SHA512

    3458ffae79173c638b6377ff7a0358cbf9dc9638db58d0a90648e8295972d22f04e4624ed41f47464aea40fc1bca1fe8fe253763aba34bf94d8ab33c3fe2ba3c

  • SSDEEP

    49152:Qoa1taC070dcNXFRQaw5KFYDXxRga3e34x:Qoa1taC0fWZCYNuRS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\577a36d67a71d92a01366eea0423bbaa.exe
    "C:\Users\Admin\AppData\Local\Temp\577a36d67a71d92a01366eea0423bbaa.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Users\Admin\AppData\Local\Temp\3582.tmp
      "C:\Users\Admin\AppData\Local\Temp\3582.tmp" --splashC:\Users\Admin\AppData\Local\Temp\577a36d67a71d92a01366eea0423bbaa.exe 7B5F815BCE5B5E8FDE0D9EAFB3B7308A7CEE16369D2DB6D782E823400E09993D3BFC828283AC041A4FEF8CA93AB7FF411FF59CFC2EBA895A56C2ED96055364BC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3582.tmp
    Filesize

    1.9MB

    MD5

    aa379abea1e91a2f2e56239a2ed8a87d

    SHA1

    46c37637ef887b9f257abc6584c40e2d4139f392

    SHA256

    41a05de5e405e01c7de4c010e604cc97911c983e74588e2e1720edbca0d61d4b

    SHA512

    e49c97a471bff93063c70c833200669cd3c295e0b92d70789385b3190a068ffe9209c5a6ea45db165232a4a10a4c5492d765807a5962817e071cd713b5fc8138

    Download Submit

  • memory/4512-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4680-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download