Overview

overview

7

Static

static

3

75a6556c9d...58.exe

windows7-x64

7

75a6556c9d...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75a6556c9d9ca59d1301893f8202bd58.exe

  • Size

    488KB

  • MD5

    75a6556c9d9ca59d1301893f8202bd58

  • SHA1

    da436603d6c8e770107da7d17a0be839c28bc75b

  • SHA256

    4e6b8e836e43d66c0c364bd3665e7a7cc22b276147d83d3342f908a05c65e7fa

  • SHA512

    def423889da5d57a5ec5ce316006db119e5071cce242abaeb704f0711b1bbb4e06a69eb3cd94ab8853093157b515ea7198de7353d2af894f4f2b660552e6aaf3

  • SSDEEP

    12288:5T7lN5YkS8fd4SpNE+t1BBlSVYnNNLeFjI8hTS1vD8juPRPcklrJ0E/LoWyCpvGg:5T7lE9418VtA88PjB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75a6556c9d9ca59d1301893f8202bd58.exe
    "C:\Users\Admin\AppData\Local\Temp\75a6556c9d9ca59d1301893f8202bd58.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Users\Admin\AppData\Local\Temp\640e91f3-5a26-4268-a494-aefd40beb69b\Windows ÈÎÎñµÄÖ÷»ú½ø³Ì
      "C:\Users\Admin\AppData\Local\Temp\640e91f3-5a26-4268-a494-aefd40beb69b\Windows ÈÎÎñµÄÖ÷»ú½ø³Ì" /r
      2⤵
      • Executes dropped EXE
      PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\640e91f3-5a26-4268-a494-aefd40beb69b\Windows ÈÎÎñµÄÖ÷»ú½ø³Ì
    Filesize

    488KB

    MD5

    75a6556c9d9ca59d1301893f8202bd58

    SHA1

    da436603d6c8e770107da7d17a0be839c28bc75b

    SHA256

    4e6b8e836e43d66c0c364bd3665e7a7cc22b276147d83d3342f908a05c65e7fa

    SHA512

    def423889da5d57a5ec5ce316006db119e5071cce242abaeb704f0711b1bbb4e06a69eb3cd94ab8853093157b515ea7198de7353d2af894f4f2b660552e6aaf3

    Download Submit

  • memory/532-8-0x00000000015F0000-0x00000000015FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/532-9-0x00007FFFDF190000-0x00007FFFDFC51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/532-10-0x000000001BC50000-0x000000001BC60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/532-12-0x00007FFFDF190000-0x00007FFFDFC51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/532-13-0x000000001BC50000-0x000000001BC60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4980-0-0x0000000000100000-0x0000000000180000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4980-1-0x0000000000990000-0x00000000009A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4980-7-0x00007FFFDF190000-0x00007FFFDFC51000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4980-11-0x00007FFFDF190000-0x00007FFFDFC51000-memory.dmp

    Filesize

    10.8MB

    Download