Overview

overview

7

Static

static

3

778982a571...45.exe

windows7-x64

7

778982a571...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    778982a571c11cda087314dffc99d045.exe

  • Size

    907KB

  • MD5

    778982a571c11cda087314dffc99d045

  • SHA1

    f27f7d8848224c400f5b6164c70905b738eb489f

  • SHA256

    72308efa56a7c9d7b00f8a3e9661ae1e1af7fd425641e0f7d776609958362beb

  • SHA512

    8e6d4c1941f7f5b9f5e624598b445cbbb4bd52e5b953f9120ee4b2b219d9f79275a00c90c344f161606c350a85d2affca9d47bab37b14eae271c7c1f826233f1

  • SSDEEP

    24576:v3czKz3+ixN1ZMEfv3OW4HEofkAQRk7nslMQgrswEkFpRNhV0O7sOed000X+90MM:1Q8ZGGOew6CNYywW6KBgS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\778982a571c11cda087314dffc99d045.exe
    "C:\Users\Admin\AppData\Local\Temp\778982a571c11cda087314dffc99d045.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Users\Admin\AppData\Local\Temp\778982a571c11cda087314dffc99d045.exe
      C:\Users\Admin\AppData\Local\Temp\778982a571c11cda087314dffc99d045.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\778982a571c11cda087314dffc99d045.exe
    Filesize

    275KB

    MD5

    5a2dc576784b49a915a6311a9090cf7a

    SHA1

    dbfb0d7c0f7b29d34a9fccda23e3ea20d7c78ff7

    SHA256

    2d6d5cd298f5cbab8ce6e5a532b6314982f6c67c3de1a5068b3638ced46e6594

    SHA512

    704fef9b4a26dff5773aa527511504f05629968ae82c08e875b571c10d48bc9b638c83e8e5fcfd5e5b8e8b1d1484fda6c18712f6dbb4549456e3d9850bd5e927

    Download Submit

  • memory/4004-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4004-1-0x00000000017D0000-0x00000000018B8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4004-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4004-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4876-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4876-16-0x00000000015B0000-0x0000000001698000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4876-21-0x0000000005080000-0x000000000513B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/4876-20-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/4876-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4876-32-0x000000000B800000-0x000000000B898000-memory.dmp

    Filesize

    608KB

    Download