Overview

overview

7

Static

static

3

739593e031...f7.exe

windows7-x64

7

739593e031...f7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 03:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    739593e031c30ee9f922f846e0e720f7.exe

  • Size

    1.9MB

  • MD5

    739593e031c30ee9f922f846e0e720f7

  • SHA1

    845e29fc0e8063355b7f49474e9d9c96a4c78b06

  • SHA256

    4f9b71510fe96a12b125aa24e5f1bd029964fb200a10bf624cfc00983d78f6b3

  • SHA512

    415ec479eaf8f7405bfaf30a9e42009bed3d1c03e05bb1f892f8e63cd7193e8d3a9c2c530c43a1e239fd78957dceaabed38393d61b08959981cf760890b871b9

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dJGeH0I9oavLY2VdloiO/Ygn/N8xI0RMoEvyC:Qoa1taC070dJG7KoazdPEniNRZEZSK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\739593e031c30ee9f922f846e0e720f7.exe
    "C:\Users\Admin\AppData\Local\Temp\739593e031c30ee9f922f846e0e720f7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:508
    • C:\Users\Admin\AppData\Local\Temp\58BF.tmp
      "C:\Users\Admin\AppData\Local\Temp\58BF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\739593e031c30ee9f922f846e0e720f7.exe FB128759B47D195BEA9B0789CADEE6AC1F6D7D131752A3C568A3D4AA486559E3036027FA94B8974CA91FC42F4A34CE9B1A953FF22D5CF872C09D325B2B6E730F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\58BF.tmp
    Filesize

    1.7MB

    MD5

    c638c4f41623501dd1344a325f5a6267

    SHA1

    8a73d029fcfa3f4125144af608c063949c9d739d

    SHA256

    9c0181fe6e18c00e50119f4d621383e2ab90104b31aec69049e93a89212aac1f

    SHA512

    f0a6181a9a98161842dd6671626f536354b949aabc6e7def88c1784eac5d2de6ed9280daa6d58c7269a26b237cf7854374a8b4ce8b9d26592fed7adc1544c75a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\58BF.tmp
    Filesize

    1.6MB

    MD5

    03ae3abf54d63119a4d9e86df55b7c4f

    SHA1

    a4b4930b9da68c5af62b3ea4d60a3375a03c116c

    SHA256

    13e6a63fc045816f544686515cbed677f1245f7f3e0b8c5745e7fbc7b4ca84a4

    SHA512

    8e6421cd3c10e71495445e73357206abc3d82e1ada722070833b3d93680e0a9b23910ffa0814d96fd2e8836aac1e32eb0f47762d19920fb65f06e404fa64a929

    Download Submit

  • memory/508-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5024-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download