Overview

overview

7

Static

static

3

7ddab67ef1...ed.exe

windows7-x64

7

7ddab67ef1...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ddab67ef16dc0d2c461668824a6dded.exe

  • Size

    1.9MB

  • MD5

    7ddab67ef16dc0d2c461668824a6dded

  • SHA1

    5f0895bdc95b2751dcc68c1e3a54b93372c3dcd7

  • SHA256

    c8f72553f4102b3aa8bf907a2c269cfb723186be878ef2d0e2e73e4f2a4525f0

  • SHA512

    9d1fad1feaaade3fa607ce2bc44653ba2d4c498ec2c311f8eca23f9fca22ec1865ca414f8ca99d1bd0238041c3c60a43cf23027429b93684a16bcc0759818d7e

  • SSDEEP

    49152:Qoa1taC070dx86HzWFE4FNSnwNiufdtDKGaFwIs:Qoa1taC0C86TWFLqu1tGPwIs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ddab67ef16dc0d2c461668824a6dded.exe
    "C:\Users\Admin\AppData\Local\Temp\7ddab67ef16dc0d2c461668824a6dded.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Users\Admin\AppData\Local\Temp\A8A.tmp
      "C:\Users\Admin\AppData\Local\Temp\A8A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7ddab67ef16dc0d2c461668824a6dded.exe D7CEF9828B94FD529F2FCBEC3767485E58787892F614FDEA11282AC4A5FBEB933A2E0A4DF5D9CE3878656A0034EAAE63F46BE06A54EC65D3E699AD96111289CA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A8A.tmp
    Filesize

    1.9MB

    MD5

    dc76784228117e5a889f6d396f959c40

    SHA1

    a8208ab79d95e88a123420ea9cf95533ad9a7b93

    SHA256

    07ca9a5379f4f4b100e26178b69b3c8910895ac60e811fa1796603f49f49af12

    SHA512

    b84c52d32679fd8e0737c898450fb71d32cb11b29bc12e0ef02a2e36b3c88de4a08d19902787de71525b04330d5fbdd692db1e0a4182a1cdd5938f13511bf80e

    Download Submit

  • memory/388-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3368-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download