Overview

overview

7

Static

static

3

5931b3da3f...8c.exe

windows7-x64

7

5931b3da3f...8c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2024, 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5931b3da3fd4aa31dd4ea470a121c78c.exe

  • Size

    385KB

  • MD5

    5931b3da3fd4aa31dd4ea470a121c78c

  • SHA1

    67b5e382543740155128e33b62b16c99f196ac4e

  • SHA256

    fe8fdcb176e6939517e7b9172a746f8cce7d50dd5118fad49cd5e99397092378

  • SHA512

    543fd10ccf038b9fe2889474cfd9d6cc95e0b7019ac2bad7ec60f29daa09b4dee26758fa34a9bb45d728ea9fefb4543e8057bf9097e35042d357942c1a4ba60a

  • SSDEEP

    12288:q1u2wCspGOsxSKc9b+E5QpcPADwiwXo/8QoWB:Gu2wCspRs0vNwE3FY0QDB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5931b3da3fd4aa31dd4ea470a121c78c.exe
    "C:\Users\Admin\AppData\Local\Temp\5931b3da3fd4aa31dd4ea470a121c78c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Users\Admin\AppData\Local\Temp\5931b3da3fd4aa31dd4ea470a121c78c.exe
      C:\Users\Admin\AppData\Local\Temp\5931b3da3fd4aa31dd4ea470a121c78c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5931b3da3fd4aa31dd4ea470a121c78c.exe
    Filesize

    385KB

    MD5

    32d1dd793b62cf4b08d28b24396cdfa4

    SHA1

    eaf9af1eed199ce3206a399cf073a3b9c13062e4

    SHA256

    2de632ada9c45e39cf230f423a11543effa2ab4b88c9b84ff6e756254571cba2

    SHA512

    869a0e192ffe97ec2e1c367b59b877e39cdaf04dbc5737a80c1a2c9d99a6a4a0a1a0d03c51d9bc72c4a5e12846c7119e662835c6e5153ce43288e5bbfc16baf4

    Download Submit

  • memory/4424-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4424-1-0x0000000000180000-0x00000000001E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4424-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4424-12-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4924-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4924-14-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4924-20-0x0000000004EA0000-0x0000000004EFF000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4924-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4924-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4924-34-0x000000000C640000-0x000000000C67C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4924-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download