Overview

overview

7

Static

static

3

786ed671a6...07.exe

windows7-x64

7

786ed671a6...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    786ed671a6377bdf06058615d03d6d07.exe

  • Size

    82KB

  • MD5

    786ed671a6377bdf06058615d03d6d07

  • SHA1

    e689f30916520f03934879fbf9ed3c20d67bdc95

  • SHA256

    a1e3ef7411af01c59c0df63545794405eed3fe9da6fbbfc6d5651da5e6cf0d41

  • SHA512

    b955623d81b68f87fbf154151c13e2bb8a6f9e51493b2914dbbd8a7034004843bda3a5799ca9bf741c0dade6941c713a37502464eff6b87e518fcae67444180a

  • SSDEEP

    1536:VDiuq497R3eylXIcfo33gS20M+GrkbvA8PwfgETr9r+SfBhMNza8RAp:VDiq93eylNo33C0M+nJYzTl+UWeAAp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
    "C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:416
    • C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
      C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
    Filesize

    82KB

    MD5

    2d96941b1419be84540fa197d2b2182f

    SHA1

    317693b24df431a9edcfe0ce9a5530ab462aad55

    SHA256

    86e05b45e7b147e16f0be3f2a5e348be1f25111d48c60c0808256c745c1f2d7b

    SHA512

    e21dea8a1b59e735285b75cb990249693939673a4fa19d8ffd80500ff55738bc5f1ca5e48bcaf6ddeda7281fc8676e54fd13a5a7db487e7f31b36ba01b682eed

    Download Submit

  • memory/416-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/416-1-0x0000000001430000-0x000000000145F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/416-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/416-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3332-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3332-15-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3332-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3332-22-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

    Download