Overview

overview

7

Static

static

3

5b752a1447...5c.exe

windows7-x64

7

5b752a1447...5c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-01-2024 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b752a14475433d28cd50f3567d1965c.exe

  • Size

    907KB

  • MD5

    5b752a14475433d28cd50f3567d1965c

  • SHA1

    dfdf8d3d98444af07a9abd04260708f1c810fae1

  • SHA256

    58c7e8ae925e284b82015022ac20d7f4ce81b727539e3c723f045319a9723950

  • SHA512

    80f94b5c5efc8042485ae91bd9d5861acf71069b9e9b4f1e39fd410427a1e93d82b7283dd9509054159e2079c65d5db6748f3df05eb036a76cc8c83afc0c4afa

  • SSDEEP

    24576:KwfRgWY3fOKpKcH36Bmhph3SI0sE656a/ZS1:Xf9DJadhpNEs6gS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b752a14475433d28cd50f3567d1965c.exe
    "C:\Users\Admin\AppData\Local\Temp\5b752a14475433d28cd50f3567d1965c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4944
    • C:\Users\Admin\AppData\Local\Temp\5b752a14475433d28cd50f3567d1965c.exe
      C:\Users\Admin\AppData\Local\Temp\5b752a14475433d28cd50f3567d1965c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5b752a14475433d28cd50f3567d1965c.exe
    Filesize

    835KB

    MD5

    bc5649a0723544f0f32132ba976a9989

    SHA1

    f37e780e2fe8e41b316b11c15c07831b096d2388

    SHA256

    79f4c58341bd03b1f035cfd85a8304d67264a80b94a5d6235ea95c3313708bec

    SHA512

    fa07c8b1c435343b7e2349da3c98af3fe0ac97b773e4f303ab24329ea42de8dd9a43d25ea6440ae925e7bf1eff794236f5ea4574fbfd2509167990dd94fe0bfd

    Download Submit

  • memory/4828-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4828-16-0x0000000001700000-0x00000000017E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4828-20-0x0000000005070000-0x000000000512B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4828-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/4828-36-0x000000000B800000-0x000000000B898000-memory.dmp

    Filesize

    608KB

    Download

  • memory/4828-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4944-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4944-1-0x00000000017D0000-0x00000000018B8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4944-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4944-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download