Overview

overview

7

Static

static

3

64941abc47...69.exe

windows7-x64

7

64941abc47...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 05:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64941abc47aa0604d6b7f8aeee7b6869.exe

  • Size

    1.5MB

  • MD5

    64941abc47aa0604d6b7f8aeee7b6869

  • SHA1

    cb09fe7cae6ac0922d25889d126e6ace6a629914

  • SHA256

    47b06bc0366da1fc9d6c21158ed227fbf6e42890091517f6a36765eefbf53680

  • SHA512

    08a117147ecea565b1a4a9e1f2f843ae330f66ab2288119adec652b8eb114d946b61c4c0553d8d5d49eeada5705fcaf4d883eade1961cf44f8ce5a6a60dda06e

  • SSDEEP

    49152:lrq0R07QQmi1hEwaeomv9pJJ7mfOGqRlzsnm4:hq0+7phFoS97hLG1m4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64941abc47aa0604d6b7f8aeee7b6869.exe
    "C:\Users\Admin\AppData\Local\Temp\64941abc47aa0604d6b7f8aeee7b6869.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\9415.tmp
      "C:\Users\Admin\AppData\Local\Temp\9415.tmp" --pingC:\Users\Admin\AppData\Local\Temp\64941abc47aa0604d6b7f8aeee7b6869.exe 26091D488AFBACF3A6422B20E831B9177A17CB8E3547302A2177548910E141AE462C7DCA556FB346964BA61C1DA626C6171F68BDD9754D36BDAFD16783E733D3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9415.tmp
    Filesize

    1.5MB

    MD5

    e822dc6ae231adc68d052d5fa36ea6f8

    SHA1

    4538d799b313dd820ed1302df3d308be2648c60d

    SHA256

    4bb1c74f9a3ed5add37382b48acbe261816a24af7fa7508e93f0d3470ceb4510

    SHA512

    a8193154e92ec4464359a92b9c16641ef303ef554b0d7ffb7a13b87cc3354dead83192c2e4366da7bb64ca66c98e46886c157df47d61d318d686f0a4f7c33e22

    Download Submit

  • memory/1892-8-0x0000000000130000-0x00000000001AA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1892-9-0x0000000000A60000-0x0000000000C2E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2180-1-0x00000000002C0000-0x000000000033A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2180-0-0x0000000000F40000-0x000000000110E000-memory.dmp

    Filesize

    1.8MB

    Download