Overview

overview

7

Static

static

3

54a7ec0cd5...3d.exe

windows7-x64

7

54a7ec0cd5...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2024, 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54a7ec0cd5f2250dff97aa561b3e573d.exe

  • Size

    1.9MB

  • MD5

    54a7ec0cd5f2250dff97aa561b3e573d

  • SHA1

    294fc74e9753b38264f7fac72d92d0a7a0a87629

  • SHA256

    f97060d769ac71cf23414d4a2dd507c6d614b0c33abd11335d0d907e2d87ab78

  • SHA512

    db453227d3a7d510dc91996551fc3e6547a532edc54a8205c56f207e55010d3d6df53bcf47af448bcf1b222833ab5c0cf024e3208cf16f7dec3d9989605c2c01

  • SSDEEP

    49152:Qoa1taC070d70LhZVeEzyoqYXYkjZoD+lXMT:Qoa1taC0Dn/1HVoKlXg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54a7ec0cd5f2250dff97aa561b3e573d.exe
    "C:\Users\Admin\AppData\Local\Temp\54a7ec0cd5f2250dff97aa561b3e573d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Users\Admin\AppData\Local\Temp\4371.tmp
      "C:\Users\Admin\AppData\Local\Temp\4371.tmp" --splashC:\Users\Admin\AppData\Local\Temp\54a7ec0cd5f2250dff97aa561b3e573d.exe 4FD7AA4E41A33BF294D771157FF986DB55B2A3D97F0AB4F2EB405239513BC47DFD0ABE0A12E34398E7E62933954358F662ACB2AB4DEE61308D49E6B0A24BF44B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4371.tmp
    Filesize

    1.2MB

    MD5

    d164d4d9910a9251d7600325b13790c0

    SHA1

    1ff470461bf66c73b7c4357e5e775dd66cad6357

    SHA256

    4c8778a17749409265006f395237f4f76d42af18ce6404b71723954d2d6f61b2

    SHA512

    5a0fca4324af8200482a4c1775fb88e8b603afb8b91e0c631611f74e58392320af14ee87cfdf8e6c20f2e93718cc398eb62a496cbbe0f87d49ecd2c2cb021f70

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4371.tmp
    Filesize

    1.3MB

    MD5

    44453cf3dce3310963cfe889d855b8ad

    SHA1

    85e8d864a641cdc0e3517b34f385e9da52f47d42

    SHA256

    c40ac893edfc40532ceb3a6a5c85fe73fd8d78a955738e6077bf053a73b1c24a

    SHA512

    8b1a99c077360e57b6331a18432aebcca1a3a9c77905e61d7c9f08e537cd428f52a1a82370e1bbe05effd07dfe50a93cd1fc18413ec6eb6f4733315652e4b40f

    Download Submit

  • memory/1252-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3440-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download