Overview

overview

7

Static

static

3

5aa0d047d5...ee.exe

windows7-x64

7

5aa0d047d5...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14/01/2024, 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5aa0d047d549c9e84d0f157b4846fdee.exe

  • Size

    1.9MB

  • MD5

    5aa0d047d549c9e84d0f157b4846fdee

  • SHA1

    850ec23e69bd2d43c7cc470aa431120623f4f0b3

  • SHA256

    3239f73461ff05b9f4518dd124e7d61c1650aff55ccdb4ce528f08cda8dcdf89

  • SHA512

    654e1400f959c5ec6baab5cabe38d89c6a5488bfb152f17e3a6657cb3ef2916538c5f9385aa1be00c2c9f789ed339ab595c3269886f48157f94f6cdf8246c6d3

  • SSDEEP

    49152:Qoa1taC070da6ISdMpLv2PxuWR0R6r90fQzb:Qoa1taC0PASsxuyAE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\47E9.tmp
      "C:\Users\Admin\AppData\Local\Temp\47E9.tmp" --splashC:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe 7D9A11EF99930E6F53B4E04838927A1C74E1CA0072830FB6745B8AE3669383093F9F36793BA2A1A781A4EE21621B0F59CAC20A212B172E099B7BA93BE850A4BC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\47E9.tmp
    Filesize

    1.9MB

    MD5

    58f7e3d3a304e4458dfcb2489b6bac98

    SHA1

    b72a4c8de3be7dde131d17938449b245fd5c54e6

    SHA256

    ec4989289a2a50cbbd536a8aa79d695f69c0a09e58ae2fe74e428914e942cda9

    SHA512

    4b5953970592dde882e87784b44d44afa33e60b5fd99aea05df00633d10a2e5ca43646e14a6220de46e82ef85cf66c7ee5bfcb36f4c909b6c901962e6a174532

    Download Submit

  • memory/1308-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2192-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download