Overview

overview

7

Static

static

3

7a8a42f06f...3b.exe

windows7-x64

7

7a8a42f06f...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-01-2024 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a8a42f06f83b9331ef57a43b10cdb3b.exe

  • Size

    1.9MB

  • MD5

    7a8a42f06f83b9331ef57a43b10cdb3b

  • SHA1

    14ea94baa21651678d6351d162d02772d8e6204b

  • SHA256

    b0ece2677d6ab0723a84a3537cd01df02c470753d6ed08d9070ed46f06874f21

  • SHA512

    653f933e39b5551f7cbe7a055e91065ac1c460f0ac7cc9e2d9beebdc1d9c2a0e8d0a651f096d902f243b69ef32b037482f0ac32fc6454cb3ca25eb297a6447c6

  • SSDEEP

    49152:Qoa1taC070d8FugnrINFOndDMlXvOWs5hr:Qoa1taC0XFumalX96B

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a8a42f06f83b9331ef57a43b10cdb3b.exe
    "C:\Users\Admin\AppData\Local\Temp\7a8a42f06f83b9331ef57a43b10cdb3b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Users\Admin\AppData\Local\Temp\B3A0.tmp
      "C:\Users\Admin\AppData\Local\Temp\B3A0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7a8a42f06f83b9331ef57a43b10cdb3b.exe C43150660664094B328818B1306873A681672196DBE542C1503627975B3444B5AD4B180FC79F625C3DC23A04606008C913CF413189297B75E04E046EC67FD017
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B3A0.tmp
    Filesize

    1.9MB

    MD5

    65d2d0d71189a1057c30853c741c2a52

    SHA1

    5b5b0c9d5b36b5fca1cf01fb55ec4da05c18bc2f

    SHA256

    c829bfbb28cb8b5cd51d50e4e250304f202c4a0153fc6fd9bf9d855b340bb117

    SHA512

    21787f2b1b3283a148cf1b13b2079a558f3854ae508650045a5d122db0c8cc6cffd93dfe9392720389505150479aef0330bb23f76f8eb18a65a74579b1038d94

    Download Submit

  • memory/860-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1888-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download