Overview

overview

7

Static

static

3

71edc658e2...ce.exe

windows7-x64

7

71edc658e2...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 09:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    71edc658e258b45292770298c64a72ce.exe

  • Size

    82KB

  • MD5

    71edc658e258b45292770298c64a72ce

  • SHA1

    fce861db8ea985167e240eb7e4cf545602b98750

  • SHA256

    9a3f7dcc05e2331fca1471ed6444984aef5e1c89ec7b972deff782b9f782c15c

  • SHA512

    d56759eca2ffb857dd4145cb4093b9dabce24f0ddbb1b91ae0b52c10b5aaa472bd061f2c6f96d562d4354f824118f71655ecc54f08828fa7435b76a89acb7da8

  • SSDEEP

    1536:rer43SJ+zrcs/eSh8l3ZlGpoaE+tTGgcn5cFUzP1MplTbBh:rerPSh8qpoaPtT7f0YdBh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71edc658e258b45292770298c64a72ce.exe
    "C:\Users\Admin\AppData\Local\Temp\71edc658e258b45292770298c64a72ce.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Users\Admin\AppData\Local\Temp\71edc658e258b45292770298c64a72ce.exe
      C:\Users\Admin\AppData\Local\Temp\71edc658e258b45292770298c64a72ce.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2056

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\71edc658e258b45292770298c64a72ce.exe
          Filesize

          82KB

          MD5

          ef47ddf78b7bba63d2f362c3a9452bbc

          SHA1

          e5661a686d8105ba47f430ef52d9396322c20505

          SHA256

          9b680a041249ebf8392642b4a480c31c345cf5aa0372faf1e7341aee9557f54c

          SHA512

          b7f83a3aff330dff62fa4ae7f4840fb9306dda92060c05421143f29566752bf59996f405f8cd0ebde42f795e29fa36ace55b79a74754c503b31e9d8266c90981

          Download Submit

        • memory/2056-17-0x00000000002E0000-0x000000000030F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2056-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2056-28-0x0000000000320000-0x000000000033B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2800-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2800-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2800-7-0x00000000001C0000-0x00000000001EF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2800-12-0x0000000000210000-0x000000000023F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2800-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download