Overview

overview

7

Static

static

3

7b9a469fdb...cc.exe

windows7-x64

7

7b9a469fdb...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-01-2024 23:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b9a469fdb396f55ab359ca27e9280cc.exe

  • Size

    385KB

  • MD5

    7b9a469fdb396f55ab359ca27e9280cc

  • SHA1

    96d2800df28f226991466ab8efa0a46511a66af5

  • SHA256

    f041b7e94a03de3e11e2852089d19048869c0e5c09594ca04fe4788d60722ecc

  • SHA512

    c57d2dac3ab0be15db3f42f195cb61333a4ed8add3e3966300bd5f69dad4978234970cfb6d2681e7115b5485b50adb15f9667b8138c97e91e262a709fa977291

  • SSDEEP

    6144:vLYCn06Bcc2EYyH2gP84Qkdw8i05nmzwp1leyLbrHg/uS1lknjhB:DYAuA2VxkU05mmHH8u8IlB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9a469fdb396f55ab359ca27e9280cc.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9a469fdb396f55ab359ca27e9280cc.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\AppData\Local\Temp\7b9a469fdb396f55ab359ca27e9280cc.exe
      C:\Users\Admin\AppData\Local\Temp\7b9a469fdb396f55ab359ca27e9280cc.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7b9a469fdb396f55ab359ca27e9280cc.exe
    Filesize

    385KB

    MD5

    bdd2cf2a5dd0f084e71c98574587b14e

    SHA1

    7431350b8ce21ebe5565b7b74ab3fad2aa4e5f77

    SHA256

    d6c8ed4976b26a804db1d893ed66d6224a9a247e94334dc49afb6e79d5cc2de0

    SHA512

    301a30387e13004f6099ce504d185f3285da8ef7fc2a2d236c6dedf344f071994f7512eaa02e3f4053c008258e48a971eb306be0fb7d2b63911e9c7f598b2fa5

    Download Submit

  • memory/1308-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1308-16-0x0000000000180000-0x00000000001E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1308-21-0x0000000004EE0000-0x0000000004F3F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1308-20-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1308-32-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1308-33-0x000000000D660000-0x000000000D69C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1308-38-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3048-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3048-1-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3048-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3048-12-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download