Overview

overview

7

Static

static

3

806f68ca74...f2.exe

windows7-x64

7

806f68ca74...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    806f68ca74e59b5ce4ad259b37dd65f2.exe

  • Size

    1.1MB

  • MD5

    806f68ca74e59b5ce4ad259b37dd65f2

  • SHA1

    fcbd5982b7e6775b9a39d3f1d96f8e68f930e8f7

  • SHA256

    5446014f6ed23b74dac86e15dbda4bf8bf9662e874b6caabd63418ca5ccfe24e

  • SHA512

    b9af2fd6efbc250578773627f18e9233bb31a7477a2be0b77157a48fbdcee7a8974240fe420053201aea991565a1274dec68fbfd2bb3629476feefc7722d6d4d

  • SSDEEP

    24576:SypW9SgLNZaOdcTMuUvxIgR5tm1yKsoSUEfksdhbLEzU+87kMX9qJGTY:St9SgLNZa6xICC031kChbw187M0Y

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\806f68ca74e59b5ce4ad259b37dd65f2.exe
    "C:\Users\Admin\AppData\Local\Temp\806f68ca74e59b5ce4ad259b37dd65f2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\A6C.tmp
      "C:\Users\Admin\AppData\Local\Temp\A6C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\806f68ca74e59b5ce4ad259b37dd65f2.exe 6EDB6C4E2BF1BF537F5D0560BD2EDCF92AABCA7ED69C8F4BBC60258C930D3D8BD63C451ECA3A849804FB752F1CC5430B13F048C87022D382E6340E6880FE0F21
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A6C.tmp
    Filesize

    1.1MB

    MD5

    00e3f174ee2610101c26f7b59a70abb9

    SHA1

    baf08f2a551aa7c75ba658e3d485a326d420bc9b

    SHA256

    d22ad5edf41bc916e4ef02822a4abbd90991ac1e960d3d7694d543f9fb575023

    SHA512

    8e66f5c1205cd85548d2dc1bf356f3bbbbadce32249683b10001e46aecaffb762f3005f9818fe1209d6e45ff89e5020ac98309a0d45ce44774d61639f538ac2f

    Download Submit

  • memory/1704-0-0x00000000002E0000-0x0000000000330000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1704-1-0x0000000000A70000-0x0000000000BB5000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2184-8-0x0000000000E10000-0x0000000000F55000-memory.dmp

    Filesize

    1.3MB

    Download