Overview

overview

7

Static

static

3

7a4273fedf...3d.exe

windows7-x64

1

7a4273fedf...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/01/2024, 12:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7a4273fedfb60216899a6a3d35d0ca3d.exe

  • Size

    385KB

  • MD5

    7a4273fedfb60216899a6a3d35d0ca3d

  • SHA1

    1af11bc50b1af83fa021045fad7d90b55cfab25d

  • SHA256

    fa285aac532ecc8b2fbe7dcfbb62832b8dff0211ce259ffadefa955c91193c62

  • SHA512

    fb8cca9661e78880f902eedaf5bb5edb2c070ba53ba04f9bcb297ca72954ffff1b1a7f750ab7339ada414aba84e4efd3bdfdef2a0ea4c2b32782f1c738f75091

  • SSDEEP

    6144:ekMezUq25LS9t8aD1t93m85PKzUplOOVS7JimSQWR/k7IuKNsiWhGn2PB:ePezUOt7DH9FPEKO1wM7IJGiKRB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a4273fedfb60216899a6a3d35d0ca3d.exe
    "C:\Users\Admin\AppData\Local\Temp\7a4273fedfb60216899a6a3d35d0ca3d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Users\Admin\AppData\Local\Temp\7a4273fedfb60216899a6a3d35d0ca3d.exe
      C:\Users\Admin\AppData\Local\Temp\7a4273fedfb60216899a6a3d35d0ca3d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2320

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7a4273fedfb60216899a6a3d35d0ca3d.exe
          Filesize

          385KB

          MD5

          2a7a3962708181081dba1facbff8f5ee

          SHA1

          9f2f0ac46c5a05ebbe31bc4d3ea982bb86c9f992

          SHA256

          48a68a4fde3a76c27214bba1bf3ff7462a309795ff7cc9b9e617248eb29688a4

          SHA512

          0906758fa65e9a74a839026c78c73212751123a06f243c34e218a35df1aed487d7a37bbde1eb8fe27185ff76cf7c967f4706f1856407c403061dfdd8fd711381

          Download Submit

        • memory/980-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/980-1-0x00000000015E0000-0x0000000001646000-memory.dmp

          Filesize

          408KB

          Download

        • memory/980-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/980-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2320-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2320-14-0x0000000000190000-0x00000000001F6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2320-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2320-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2320-31-0x000000000B600000-0x000000000B63C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2320-30-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2320-36-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download