Overview

overview

7

Static

static

3

7bc5ea40ef...e9.exe

windows7-x64

7

7bc5ea40ef...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 01:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7bc5ea40efe5d95211d2edcb258e12e9.exe

  • Size

    84KB

  • MD5

    7bc5ea40efe5d95211d2edcb258e12e9

  • SHA1

    6f7d1231ff79df2804b2475474f05e24e02449f9

  • SHA256

    63f24994ab67b1f6a694ba7be5347afa3638ecb3c0e03ade6c467543b169ba6d

  • SHA512

    edea38c79d4589111d262f27b61333b21353231a559a994efab2434ebee785eb9a06ef7d8d67dcebcae70eb855cf10463275237b3d706aaaa9da3bd4a65af6dd

  • SSDEEP

    1536:wKDogHOh6weSw1O+BkHbXdQ/icLE+ZKHNCT/cEhqK6VpHz9msesobrZO92r3yIBV:w0lOhLHzc5ZKtk/MZ1XWY9GyIBZ3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bc5ea40efe5d95211d2edcb258e12e9.exe
    "C:\Users\Admin\AppData\Local\Temp\7bc5ea40efe5d95211d2edcb258e12e9.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Users\Admin\AppData\Local\Temp\7bc5ea40efe5d95211d2edcb258e12e9.exe
      C:\Users\Admin\AppData\Local\Temp\7bc5ea40efe5d95211d2edcb258e12e9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2572

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7bc5ea40efe5d95211d2edcb258e12e9.exe
          Filesize

          84KB

          MD5

          c79d89da326b5f84ea0dbaff67fb3b41

          SHA1

          a6b1bab34f064ef12a1d7fd4bb33cf9483da9fdc

          SHA256

          4e0871075e35b6aa73f88d66ce400de815aee4777ed2245ec9e67ac6a6ac30dc

          SHA512

          e6685bfa1098511624932afea0362fb155f728b0c3aa856f8eb24ef5735d07de82d1e581eada54577b8c113dcbf4f9dbacf184e0e689180b01b76492c31f46b9

          Download Submit

        • memory/1692-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1692-1-0x0000000001430000-0x000000000145F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1692-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1692-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2572-16-0x00000000000E0000-0x000000000010F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2572-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2572-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2572-23-0x0000000001500000-0x000000000151B000-memory.dmp

          Filesize

          108KB

          Download