Overview

overview

7

Static

static

3

689439339d...b0.exe

windows7-x64

7

689439339d...b0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2024 20:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    689439339d98dce51d85169955eb44b0.exe

  • Size

    6.7MB

  • MD5

    689439339d98dce51d85169955eb44b0

  • SHA1

    2efdb12a112b29a374a765b578f7e0bf6ca6ad66

  • SHA256

    b85fcdf5726ba75b66f4a59b31db61a2e8c75a9c3752ad467f3d3fdcf078ae90

  • SHA512

    b298e48d50a88723d4db35731a812a17f7041469271f3d2f50c97b8f6fce6335b7b877166a1b5ae7cc02c40b0402a63d0184043d351912bca5b1e8de51d76c4d

  • SSDEEP

    98304:F0MWgdriC3xtWAkMyfztlhNrYpFRTlDM2Rm0VT3FtBQP/Qonexpj:azqjyMch8vlDuoVtKPI9B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\689439339d98dce51d85169955eb44b0.exe
    "C:\Users\Admin\AppData\Local\Temp\689439339d98dce51d85169955eb44b0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3284
    • C:\Users\Admin\AppData\Local\Temp\is-B3LM3.tmp\is-0QUDF.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-B3LM3.tmp\is-0QUDF.tmp" /SL4 $A004E C:\Users\Admin\AppData\Local\Temp\689439339d98dce51d85169955eb44b0.exe 6811626 51200
      2⤵
      • Executes dropped EXE
      PID:1648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-B3LM3.tmp\is-0QUDF.tmp
    Filesize

    610KB

    MD5

    365e4b9988123eef3955a4fb28a9be93

    SHA1

    f2eacd886960eca81ba4c1e1e82f9e70711c296d

    SHA256

    cc85b7b90d427ca6f3b4c25593368bce1337eb475207aeed1ae2f9721b2370f9

    SHA512

    07f90c47216af13b0c059a08e226e3cf3de452f562fb40778195ce82344f6d2e17adc2a3456f618e508fcf1add5348685171ee7c0ec3fefdff327633e63b2991

    Download Submit

  • memory/1648-7-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1648-12-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1648-15-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3284-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3284-2-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3284-11-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download