Overview

overview

7

Static

static

3

7a8a42f06f...3b.exe

windows7-x64

7

7a8a42f06f...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27/01/2024, 14:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7a8a42f06f83b9331ef57a43b10cdb3b.exe

  • Size

    1.9MB

  • MD5

    7a8a42f06f83b9331ef57a43b10cdb3b

  • SHA1

    14ea94baa21651678d6351d162d02772d8e6204b

  • SHA256

    b0ece2677d6ab0723a84a3537cd01df02c470753d6ed08d9070ed46f06874f21

  • SHA512

    653f933e39b5551f7cbe7a055e91065ac1c460f0ac7cc9e2d9beebdc1d9c2a0e8d0a651f096d902f243b69ef32b037482f0ac32fc6454cb3ca25eb297a6447c6

  • SSDEEP

    49152:Qoa1taC070d8FugnrINFOndDMlXvOWs5hr:Qoa1taC0XFumalX96B

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a8a42f06f83b9331ef57a43b10cdb3b.exe
    "C:\Users\Admin\AppData\Local\Temp\7a8a42f06f83b9331ef57a43b10cdb3b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Users\Admin\AppData\Local\Temp\8C7.tmp
      "C:\Users\Admin\AppData\Local\Temp\8C7.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7a8a42f06f83b9331ef57a43b10cdb3b.exe 23476FF7D78427ECC60E80F6DF1DAEE1D18473B19C8F60FA784C3F2A834C66022E868DBFC6E0AC7CC3007B5C703ED812FC05DEE5592F130CC3936A6272F78082
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1216

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8C7.tmp
          Filesize

          934KB

          MD5

          301bc41c252c739ab6a23ed957c42415

          SHA1

          8d4ace4cc421949037b1091206ee3d471dffab0f

          SHA256

          59687e5a7d829e0523e474299bb3989ecb8a1cff83273668b51b5feb788397e7

          SHA512

          2cdf0eedb83574628dccad4097a4cca8bffa95403d7561bbcee2fd545d2818644b3be1ba358e9ea5fa5f5ac39c958b57fb965f4f955ec7a65af6207a7fe69075

          Download Submit

        • \Users\Admin\AppData\Local\Temp\8C7.tmp
          Filesize

          1.1MB

          MD5

          179a51eeea62012fa6db13ce0eabf60d

          SHA1

          0e303ecf40e33c8f373070a36cc39cbb2a034a4a

          SHA256

          d1e24f33df5cbbe78b3cff31d390907f15da950c0832266ba5eef8b871351631

          SHA512

          ba57f012937fbe5fc6c48a4ae22343eb7e4f0cc35e103506c01f6102314b5504e85e1a09a52361c93aa802ce5e86b479d477cf2693eeb2943ced936d79efebe2

          Download Submit

        • memory/1216-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2356-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download