Overview

overview

7

Static

static

3

73c9ae0f53...2b.exe

windows7-x64

7

73c9ae0f53...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73c9ae0f53fc7dd4e9943f213f494a2b.exe

  • Size

    771KB

  • MD5

    73c9ae0f53fc7dd4e9943f213f494a2b

  • SHA1

    80f7e42cce52ca574c4a57080c4a0ee8738f41b7

  • SHA256

    d4a8ad165d63cdda98ffc0f60db7f484e9a86fb5a00a0c1dee3867425a08196e

  • SHA512

    f1477998219caf654f9390c8a096f9b0dbcaab3241c0a5fb7602f4c91f9d22c55f90c5bac09abb5a0bd023c53c32ef51a2c2bdab70fd5febe4f07100251dafac

  • SSDEEP

    24576:6TxUBDrcNO4n0Csb10hJaothZ2/T6FBBB:gx2AN3E/ofT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73c9ae0f53fc7dd4e9943f213f494a2b.exe
    "C:\Users\Admin\AppData\Local\Temp\73c9ae0f53fc7dd4e9943f213f494a2b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Local\Temp\73c9ae0f53fc7dd4e9943f213f494a2b.exe
      C:\Users\Admin\AppData\Local\Temp\73c9ae0f53fc7dd4e9943f213f494a2b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\73c9ae0f53fc7dd4e9943f213f494a2b.exe
    Filesize

    771KB

    MD5

    f0dd27b01289a064ad2d45d629a941f7

    SHA1

    2c1ebd651280fe97ebbf8b8f6063b0c8c0d36169

    SHA256

    a71df28aac8aaa311c5fdfb9446a58f44ab602f0fcab15ac2c0b1f6bc7a01a1b

    SHA512

    687843fafba3ecde51b1fa01aed3739255fc35cd4b415745736d41f32d6eb90c486fa742c7851b032c253eef9b3f6de2accc0299df50ce62a26527053d215106

    Download Submit

  • memory/1912-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1912-1-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1912-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1912-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3704-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3704-15-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3704-20-0x0000000004E80000-0x0000000004EDF000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3704-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3704-32-0x000000000B600000-0x000000000B63C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3704-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3704-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download