Overview

overview

7

Static

static

3

7f42d04a95...fb.exe

windows7-x64

7

7f42d04a95...fb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f42d04a954d7a316f487ff178a590fb.exe

  • Size

    1.9MB

  • MD5

    7f42d04a954d7a316f487ff178a590fb

  • SHA1

    e0407b4cc080fa022632c70166cb44c92291cb21

  • SHA256

    5c53455fe4701bb994bf3cc40569b52faa95c854c6608e8959506cd95145f0f7

  • SHA512

    f77ece75bda7d5405cd3c5ee109d6071d1123831178f5176f63242be11de495776458f9b7bfc6ee695c14ac6b1e79c0029c4d98a72bfd12b2b4d9160f2e083cb

  • SSDEEP

    49152:Qoa1taC070dhKMsf+4jxFQuJdnO8AF8Pj9VrgG7uW5:Qoa1taC0ubsfRxFQuDwF8P5Vz1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f42d04a954d7a316f487ff178a590fb.exe
    "C:\Users\Admin\AppData\Local\Temp\7f42d04a954d7a316f487ff178a590fb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\6C4.tmp
      "C:\Users\Admin\AppData\Local\Temp\6C4.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7f42d04a954d7a316f487ff178a590fb.exe 2AF64CBDDA399DD0F46374832049B5D69C797FA35024718607C998636268D683926A667730AF154D8BF24AF7578725922A1417E8B98D8091B583E38545A9F5B4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6C4.tmp
    Filesize

    40KB

    MD5

    7c557595de23723e2717c4a55ccc6ef6

    SHA1

    15bde2db520537a12c7bda2422a2be82e003778f

    SHA256

    7da64b33daa4a5315ee36058fe9202873935965161b6957a051094a040cf6ffe

    SHA512

    1b02a9e896f71469cc66b360fe37db4caee766564c0ef52083df3b75ae158cb61b20a68493e5e5a73a130cc5254dec63aca306d251f972004a28210803031c0a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\6C4.tmp
    Filesize

    14KB

    MD5

    d7d83ab36300145db649319e594e9863

    SHA1

    16cc45cfdc54e935111dcb37785bdaa7d3d5336f

    SHA256

    ff6b64880236b3135ef7db23b5a38e5dc8f07d00b0e3302970d2347964c2d6d6

    SHA512

    ea9e3d807ff43fa37af996a116a3339aa0d49af045652992a94e4b908a3c4275337a8132ac920bb997d80444b21e1f0bddbb691a43b047a603ccf20b9367185f

    Download Submit

  • memory/1824-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2360-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download