Overview

overview

7

Static

static

3

60ec4f5040...a7.exe

windows7-x64

7

60ec4f5040...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60ec4f50407678fd87ed94d8c3c256a7.exe

  • Size

    1.9MB

  • MD5

    60ec4f50407678fd87ed94d8c3c256a7

  • SHA1

    08cc4250cd1aaa6ca072119301035a488f30eb8b

  • SHA256

    271d96ddad86ff872b44ba88f31218ac98c6280fa3a4aafe20bd7814b58cc59e

  • SHA512

    b5ba0e3021cc4715dc35ff0854be877cfe34454b1173fb817edeb89be1aee520693ca0fd2955063381919ac4a9e15b3e70e496788bddd6e8934bfccaa1772875

  • SSDEEP

    49152:Qoa1taC070dZ3RFnKqZN0lKuBdVibd/O6pNkPX:Qoa1taC0C3HkrVibU6iX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60ec4f50407678fd87ed94d8c3c256a7.exe
    "C:\Users\Admin\AppData\Local\Temp\60ec4f50407678fd87ed94d8c3c256a7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Users\Admin\AppData\Local\Temp\FDDF.tmp
      "C:\Users\Admin\AppData\Local\Temp\FDDF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\60ec4f50407678fd87ed94d8c3c256a7.exe C3512B90483F4E3503C7FDC265794D61CE2CAF3EAF48FF2DAD64CA641A248E090E4BECC061A19562A021274BC0A4EB453E00D8B3F70604708731B97C5E47F2E3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\FDDF.tmp
    Filesize

    1.9MB

    MD5

    388beb8d56919e01b693342f0bbcc15c

    SHA1

    1d0f311d57e68515399e00b3572ff4cdf3effa3e

    SHA256

    e7b299aeb16cb5d968cfea0f106a69cfd3f022dd4062863e90112e1e9da26096

    SHA512

    e34e5ea8c630d5f4f83c2088ace5dd15396321d77044a00126df63d3cec00c6d25ca58fa487112ca20f976ea2d996a6a78c6faae38c1db38a0c540a26953c934

    Download Submit

  • memory/1696-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2668-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download