Overview

overview

7

Static

static

3

7d2e5c9eb1...69.exe

windows7-x64

7

7d2e5c9eb1...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2024 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d2e5c9eb1c1e6d65ccc0dc5dcba6769.exe

  • Size

    385KB

  • MD5

    7d2e5c9eb1c1e6d65ccc0dc5dcba6769

  • SHA1

    cfa3f4a576b033b634f35dbe7aa052a0e50830f3

  • SHA256

    1ab12f17e3e2e39e2a2d1fe643edc29216bdf23c01d0f6c957c6f4f71c0be070

  • SHA512

    68473dc46abf58435a4def4094b163a9b635c505c83b4d727c39c64c19a877d85b865b53523f687450c82da8dcc902dcbe8dfc987d4dd159c279044fd0f6e3a7

  • SSDEEP

    12288:6fBPw0qeJ1zwTRKxzuD/ubQ61W+1ws354B:IBSIgzD4tGB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d2e5c9eb1c1e6d65ccc0dc5dcba6769.exe
    "C:\Users\Admin\AppData\Local\Temp\7d2e5c9eb1c1e6d65ccc0dc5dcba6769.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\7d2e5c9eb1c1e6d65ccc0dc5dcba6769.exe
      C:\Users\Admin\AppData\Local\Temp\7d2e5c9eb1c1e6d65ccc0dc5dcba6769.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7d2e5c9eb1c1e6d65ccc0dc5dcba6769.exe
    Filesize

    385KB

    MD5

    6125670785657a334f57c9cf37c086ba

    SHA1

    35df84c541d8f3d929b5bf992c70aee62b1e3d3d

    SHA256

    a93237de78dbe05ae892e794293001b5ce0f0ecd3777fc012c4eab09d9d5e8c8

    SHA512

    dabba6055fa27710c20d53716e37d246e06f33c3b5b565164b42749006277ea21c4bcfe734f4123b157b11697801c631b27042f59b1d87b2c039e09a3913566c

    Download Submit

  • memory/1620-16-0x0000000001600000-0x0000000001666000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1620-14-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1620-21-0x0000000004ED0000-0x0000000004F2F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1620-20-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1620-32-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1620-33-0x000000000C620000-0x000000000C65C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1620-38-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2368-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2368-1-0x0000000001620000-0x0000000001686000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2368-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2368-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download