Overview

overview

7

Static

static

3

7c602be390...69.exe

windows7-x64

7

7c602be390...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 06:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7c602be390f6eb6ea9e0c98752b0eb69.exe

  • Size

    1.9MB

  • MD5

    7c602be390f6eb6ea9e0c98752b0eb69

  • SHA1

    2dba8ca51b2f27cc5c346676bcb1fc216de2e9f8

  • SHA256

    ccb2a13f385ad05a14c78a4a6cb11021f2a6790854d688a9f38b47f5672bc1fb

  • SHA512

    33277b42752023e8a810be3fea6fdc4a7dc2533cb4af1c2549bf2556aac13fca7f3895019fbd66d75bb5fa666ec62252bbe8e58315a5051b8e459fbb02f2907c

  • SSDEEP

    49152:Qoa1taC070da60nLRS/6QFkpYpWF3e2tXZddrrA/3po:Qoa1taC0J5nsEYpKOyAfpo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c602be390f6eb6ea9e0c98752b0eb69.exe
    "C:\Users\Admin\AppData\Local\Temp\7c602be390f6eb6ea9e0c98752b0eb69.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3216
    • C:\Users\Admin\AppData\Local\Temp\4892.tmp
      "C:\Users\Admin\AppData\Local\Temp\4892.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7c602be390f6eb6ea9e0c98752b0eb69.exe 124DEDB6F185C9DB0BE0D76121DE26F02620E0810C2D9BB709A9BDFCA3175F631F592431E67F359B1BFE54A5586668EC908D95DC797CA7C918C86955352F490A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4192

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4892.tmp
          Filesize

          1.3MB

          MD5

          faa71b4c092b219b5e5884ee44c9d6dd

          SHA1

          da8b5c537eed806d81ac51751a65451b35feae59

          SHA256

          142ac214bf5fb77cf61f49fe3a85de5403e8a1d20176862aa03ddada7cc15588

          SHA512

          6f407e3a330e6f54313bd36972a87a41f7ac43420c1d7343bb303727a189c0c1ff7645b3b066bcc725288e5c86c1f48ce02591315fd2ac7076d7e211b948fd38

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\4892.tmp
          Filesize

          1.7MB

          MD5

          f5509df5a5c8514ced16c3296e224189

          SHA1

          26253b946fafb2fc0fece3c526da367cd45f514b

          SHA256

          bc4e6bdefbc41ede3fc0aad318c9976f4e13587c5e9f5b6f2ac5052471d76253

          SHA512

          882f5b574b489e0e73c0551edeb70b42e8c67cab4ea316f9a743be6178a7b2d30b54e9015420f880c94207bbb57111d23f2c0905a42ae10d6e69a3a248eb1cd3

          Download Submit

        • memory/3216-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4192-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download