Overview

overview

10

Static

static

3

74f42c6a3b...84.exe

windows7-x64

7

74f42c6a3b...84.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74f42c6a3baa806243b8f0c9155e2b84.exe

  • Size

    82KB

  • MD5

    74f42c6a3baa806243b8f0c9155e2b84

  • SHA1

    41aa7d0b4e0f2e2108e402ff41c0f651f45253f2

  • SHA256

    86aae9883aa73e79cb571f3eff548f3c31f225db13a01b0a9f8de92c7a384c9b

  • SHA512

    2e99d1b53e81a62bb200461781ce74e2fa6ee154bd8c24cfb2eb154ad2ac205ef2865dd48bb3e0f78b1999c034bbfaf016d57bacaa467cd3bba7b4c9631a86b2

  • SSDEEP

    1536:Q13X0P/eR9hYpfQgUSr+5djCbkQhn5YPphNolGKv:Q1nE3US65lCbT+hhGos

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
    "C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
      C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
    Filesize

    82KB

    MD5

    b21055ed26e7be81bbe3d592b17e2d27

    SHA1

    5e2091723f9be86e21ad03e4f3d283e0c70363c9

    SHA256

    871c28230a06abbcb13b7b7e0f20f00850b859b6c6a2c51bc1f53b60c19a6dee

    SHA512

    5acd1ea9ac831f6a1c0968a7c19168fd2d1488bb24d3c39317fa557a7b396854387d2c35ad56c206273f51e2aacb95fc94a261b9e4dba1bc087a410a9d6bc37b

    Download Submit

  • memory/2872-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2872-2-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2872-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2872-12-0x0000000000240000-0x000000000026F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2872-16-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3048-22-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3048-27-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3048-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download