Overview

overview

7

Static

static

3

6663f58ab8...73.exe

windows7-x64

7

6663f58ab8...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 00:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6663f58ab882da7cee36b7191fc68c73.exe

  • Size

    385KB

  • MD5

    6663f58ab882da7cee36b7191fc68c73

  • SHA1

    34b2dea8ec5a0c05ad1968ba26a46e2c967b90d3

  • SHA256

    4468f6c8f8ae74d4a1003ac763ec6b0be96dccdaa511e5d7eecfa72161a2b374

  • SHA512

    3a3b5f59fa4868368547c88b79e828ac70bebb8b84e6bc5947b407df958e78017ca99e40cafccf2f4152fddf07146c23efaf5e013a8ca93f042c141cbc7f1c7a

  • SSDEEP

    12288:NcAJZDZfVcPxJspYPmF/FzlcnJxQz2rD5YWfQv+i9veB:NcGZVcnm9gnPQyr9YWfK9GB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6663f58ab882da7cee36b7191fc68c73.exe
    "C:\Users\Admin\AppData\Local\Temp\6663f58ab882da7cee36b7191fc68c73.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Local\Temp\6663f58ab882da7cee36b7191fc68c73.exe
      C:\Users\Admin\AppData\Local\Temp\6663f58ab882da7cee36b7191fc68c73.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2240

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\6663f58ab882da7cee36b7191fc68c73.exe
          Filesize

          385KB

          MD5

          154eaea574d191fbd4f7d4e4b4f1cbed

          SHA1

          09b1c48ae696da0ef7d24011b45b7d1772527839

          SHA256

          cfdac6eb58c1243ba8c33c272ba468ef859471d75de10e323b4f78a96e9a825f

          SHA512

          d8f44992712721a9fa3c8f1b7a8768b633503a144536f63a5391a0090a980b304a7c2b5ecc44ac4033b7879242866fd2b7b8beecdbedeba791667a29ed968c49

          Download Submit

        • memory/1844-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1844-1-0x0000000000170000-0x00000000001D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1844-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1844-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2240-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2240-16-0x0000000001620000-0x0000000001686000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2240-20-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2240-21-0x0000000004E80000-0x0000000004EDF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2240-30-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2240-35-0x000000000C640000-0x000000000C67C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2240-36-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download