Overview

overview

7

Static

static

3

75c62ebe3a...df.exe

windows7-x64

7

75c62ebe3a...df.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 23:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75c62ebe3ad18244161293e0722006df.exe

  • Size

    1.9MB

  • MD5

    75c62ebe3ad18244161293e0722006df

  • SHA1

    8d6a21abb484f924d025a57bb6f63d5a9e0520f0

  • SHA256

    cceca922a8d208072c53a0bef39b4e4872e22eaa1e6eb5515d5a373b8b26c135

  • SHA512

    52c68b112f7f53ed76822709a7273c9eb5a0aeae51c06370161717408a7d3a5b32731569706b954b7d64ed7eac89e529a4f18c59af20533716feee77ebb07bd2

  • SSDEEP

    49152:Qoa1taC070dGyGlEm7w1sBWWZ9QvzeNDanSD:Qoa1taC0ENmPzQbeNDVD

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75c62ebe3ad18244161293e0722006df.exe
    "C:\Users\Admin\AppData\Local\Temp\75c62ebe3ad18244161293e0722006df.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Users\Admin\AppData\Local\Temp\2397.tmp
      "C:\Users\Admin\AppData\Local\Temp\2397.tmp" --splashC:\Users\Admin\AppData\Local\Temp\75c62ebe3ad18244161293e0722006df.exe E333E14F691DBA92D1CF04B1FF6930D15C93777DA2A890CF0537A0BC0556C09963D738E457530AF48AAB8A8AE14C1CA3BAECA09DE524B97CDDB6AB408D57512B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2397.tmp
    Filesize

    107KB

    MD5

    d64fdf06a065fb3178ac22459701a8da

    SHA1

    9a6c3c843851a29a9197c5bf7213dd020ec81935

    SHA256

    0b55291f7dd84821ea0e3f9c5e0748005a83b7905b8ef40340a6edc81f16705d

    SHA512

    3636bf5415db27bfb07e41643ec6174ae07b17b814238a5b9fb45a8964757607111fbef5e5341836187db1978473267cbd9cb5b9dc92a2e577f1412dd239cc6e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2397.tmp
    Filesize

    261KB

    MD5

    f0e1ca5d2fc91f5fe6db4e820da81462

    SHA1

    ecaba79076a887558b9a6406bd167dea5a98ef5d

    SHA256

    39c703780a74ac1f86545afb138e3ec24ce93401a282b7db532c7717aff533a0

    SHA512

    60b29b91a5b992ffa27ecaf64943a40992b94920bb7c4573d3dc48b3a2753d272ca4e093dd44d59858b6a9383ace2b2d9f8815dd74f1a6e60af87006cf57b1ad

    Download Submit

  • memory/2268-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2376-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download