Overview

overview

7

Static

static

3

755f8af6e4...94.exe

windows7-x64

7

755f8af6e4...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 19:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    755f8af6e4194deae6d54fe68d596a94.exe

  • Size

    1.9MB

  • MD5

    755f8af6e4194deae6d54fe68d596a94

  • SHA1

    1fb84d66d8eb5c8efe0103319f907eed49bef476

  • SHA256

    66e003291fd8cd04ffa51584217589e0f7a0f962a84bb4d4b998de6f8a65909a

  • SHA512

    4bbc6bde8da786442ff607a043e0233725c9c68258ab1aad6abc6df367d11c6e1034985b52d1ee8e324cd10dc3b15a465007861a04a91903d3cedccc480748b3

  • SSDEEP

    49152:Qoa1taC070dvSjFAx01J1mEGVUl/rSmNxsY9aZcJs/:Qoa1taC0KSjeoJ17yUljSmNjaOU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\755f8af6e4194deae6d54fe68d596a94.exe
    "C:\Users\Admin\AppData\Local\Temp\755f8af6e4194deae6d54fe68d596a94.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Users\Admin\AppData\Local\Temp\4894.tmp
      "C:\Users\Admin\AppData\Local\Temp\4894.tmp" --splashC:\Users\Admin\AppData\Local\Temp\755f8af6e4194deae6d54fe68d596a94.exe 453EF857CD4C5D793D444C59924B5A142DC77484DA2A7191B9D136D9602AC0E87DB73187AA190F2011EBBDBED53790446A7EC15892E4EBBAB0EE7A694C434244
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4894.tmp
    Filesize

    1.9MB

    MD5

    41dd25f1c52248cc5891bd4cb0e4d11c

    SHA1

    6fbecbc2bf6ecc2ed9d413d4c326bdf4826f3527

    SHA256

    275271e056f3965b39739506c33a398ce75e83ea5ca54a3a2e0e8e2792fefcc9

    SHA512

    17f3e5b7a6a5c99b0c1c778613af710eaace72a9da0fcbd3fbf024d166b995b333e9e9250ce60004d52a7f9bc30c47afd40ad1a8abc37bff29c02ed3975a69d3

    Download Submit

  • memory/1068-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2256-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download