Overview

overview

7

Static

static

3

77ad9bf589...df.exe

windows7-x64

7

77ad9bf589...df.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77ad9bf5898555c36ce5abeb39943adf.exe

  • Size

    1.9MB

  • MD5

    77ad9bf5898555c36ce5abeb39943adf

  • SHA1

    4b313f09dc92913430a73b43ad4fa8bb9af1e3a0

  • SHA256

    c85f55f4ce7864b8ba3fdc42685f6c3bde1b90803f5d617696e08693b36973a3

  • SHA512

    200dd0221bb49c5e1ceceee0f8049045f6682c390831d5e7a0ba8c7e2e103c2fb17a916525c17372d98276a44e49a41d26237128592b25d6e4becb1442bf8150

  • SSDEEP

    49152:Qoa1taC070dz3zUrufJRi9rEM7XAVYceOPZ:Qoa1taC003gCfq9rEGeYCZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77ad9bf5898555c36ce5abeb39943adf.exe
    "C:\Users\Admin\AppData\Local\Temp\77ad9bf5898555c36ce5abeb39943adf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Users\Admin\AppData\Local\Temp\4A86.tmp
      "C:\Users\Admin\AppData\Local\Temp\4A86.tmp" --splashC:\Users\Admin\AppData\Local\Temp\77ad9bf5898555c36ce5abeb39943adf.exe 72CB2C4BE999C55925101042C31430F1957AD68B6B3C7D16598EDC218710CB4B531D474411C173B3138280DDD16F587E5AF86A43E2787E90C8C5C4834DF2A28B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4A86.tmp
    Filesize

    1.9MB

    MD5

    44208535646dceb03bbb887aa0fd8018

    SHA1

    d3560d9164063601db6b7267d96beb794fc6fe02

    SHA256

    ff39c9c95b46bf1e7dfca1de36dd4efa76ccfbab0acb0eb3ea22d8942d2e7b27

    SHA512

    e6601d6dc0b7168b0651023b3ddedad1f42f7e9c009343880b66de0599c6630a1fcf67150af2f32e347d2f0a40f0a195ef07fbb0f29f77e6bad9d5b35e5120ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4A86.tmp
    Filesize

    1.7MB

    MD5

    24d794d4b37371533f525fd7a08db7d9

    SHA1

    9eb7ac892942775c8e96fa4c7a87d3f95b099ec2

    SHA256

    1e7408cb53e56019e91fbeb856262a82f513f2cc7c94d3cd08ca28b15293decb

    SHA512

    50d4e710148b90196989af30280befb2b51588d2dde3923e4f35702916e6221d90730bdc8c5fc1cdac048e78270f28ac27dc554b06ccacdf1fb8e8aeea2d73a5

    Download Submit

  • memory/1468-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4376-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download