Overview

overview

7

Static

static

3

6444c112d8...1d.exe

windows7-x64

7

6444c112d8...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 02:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6444c112d8ead1762ef67a3bd5d0871d.exe

  • Size

    82KB

  • MD5

    6444c112d8ead1762ef67a3bd5d0871d

  • SHA1

    2fba64f181175d948958ff6281718a95f6017cde

  • SHA256

    94f365cb355d7a7360bbd02fce7d4711842efcdb8e8711749183a4c9a748f56e

  • SHA512

    5803656e7e2c3d1c6f6482ec24057cb5a0b8e09d9e8633c033006b3e7318f1821f07e1bdc99cf872b88c9a9608e896f6b319d7eb3c03b161d6df2a2b4772f674

  • SSDEEP

    1536:M2LLXDhzh5tMhb0Sn2Kyy5lE55hmM6jTC9wZXWwW5zT1CDJgJ31:1nDJqwSn2KyyI5hmM6jTMsWwITYDJgJF

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6444c112d8ead1762ef67a3bd5d0871d.exe
    "C:\Users\Admin\AppData\Local\Temp\6444c112d8ead1762ef67a3bd5d0871d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\6444c112d8ead1762ef67a3bd5d0871d.exe
      C:\Users\Admin\AppData\Local\Temp\6444c112d8ead1762ef67a3bd5d0871d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2836

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\6444c112d8ead1762ef67a3bd5d0871d.exe
          Filesize

          82KB

          MD5

          c2d73fcbd6a51069066594a7ff22d737

          SHA1

          fcefaf4c3823b4892e5f0333495ab9a87c4b0e6c

          SHA256

          2edde4218a9a592c386f762700d30effee5301577721e26f1015d94c030c2849

          SHA512

          b4eb59bfa495b687f4ec3e92520ad0ac2d9185a04ff05b581030e31ab78712d74cdaea371dc3a93b67e0c69423b3d81e2acbb5fdeed372d7587d1fb12dacdf1f

          Download Submit

        • memory/1968-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1968-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1968-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1968-12-0x0000000000210000-0x000000000023F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1968-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2836-17-0x00000000001D0000-0x00000000001FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2836-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2836-28-0x0000000000330000-0x000000000034B000-memory.dmp

          Filesize

          108KB

          Download