Overview

overview

7

Static

static

3

6851702a3e...a9.exe

windows7-x64

7

6851702a3e...a9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2024 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6851702a3e20c3c5d7833048f6f29ba9.exe

  • Size

    907KB

  • MD5

    6851702a3e20c3c5d7833048f6f29ba9

  • SHA1

    34014011c77f489727f636f3d969344f6ccb108d

  • SHA256

    797d724475713a22223cedcfd8314655924e063fe2e16f17d0bb31782e815c13

  • SHA512

    3f0261a4a717c33164c5da8e28db691ff498f392b674b5f37277425c140f03cd76753385cb57ba4bb9a264d3de974d265eec4e0e2567ed2f3044edced807b716

  • SSDEEP

    24576:2kuvVvFOMnTohtwcnCQlIIrZtdGAa/ZS1:PutAy4twcpjHPgS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6851702a3e20c3c5d7833048f6f29ba9.exe
    "C:\Users\Admin\AppData\Local\Temp\6851702a3e20c3c5d7833048f6f29ba9.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Users\Admin\AppData\Local\Temp\6851702a3e20c3c5d7833048f6f29ba9.exe
      C:\Users\Admin\AppData\Local\Temp\6851702a3e20c3c5d7833048f6f29ba9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6851702a3e20c3c5d7833048f6f29ba9.exe
    Filesize

    907KB

    MD5

    b510a1c40154d03e18cff133937d49dd

    SHA1

    cecfb77dce5e261ee9d73579e3dfc3c580407eaa

    SHA256

    f8471c871cb6689ef1f134b745ee36c822935c2954cd594e5511707a9fa9ecfb

    SHA512

    fb50c6b50d722dbff1bd0b5d58f7d4b969a43132da0deb0998607559bf7b6b79ba54e2e1eb63003a09fcdf703f14b4973e9b0a77cfe0d173a1c4863b68032239

    Download Submit

  • memory/1276-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1276-1-0x0000000001690000-0x0000000001778000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1276-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/1276-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4896-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4896-14-0x0000000001780000-0x0000000001868000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4896-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/4896-20-0x0000000005140000-0x00000000051FB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4896-32-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4896-35-0x000000000B820000-0x000000000B8B8000-memory.dmp

    Filesize

    608KB

    Download