Overview

overview

7

Static

static

3

87d714fc08...44.exe

windows7-x64

7

87d714fc08...44.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 22:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    87d714fc088e37880f5f332c86692344.exe

  • Size

    82KB

  • MD5

    87d714fc088e37880f5f332c86692344

  • SHA1

    01f10b0144ee3f0998b5b80e8412e87cb23b0803

  • SHA256

    9611b8907be727e6d5614bfc97170d2aa99d0242a2f93bea75db303c1e13cc84

  • SHA512

    ba9733ae21380d771c980e85d9f1429caf79eb5c19f5652cc122d826ad6f1e56caf9b909a6f482167f40d5e4d8319ff2ee9e74bcf91f5cf258d124bdb832fb3b

  • SSDEEP

    1536:rnf9PbnUaVm9PeM/1BucW+Om3hZRaOYQioZgwasK5P5A:jVMGa1BuQ3L0rQlZgwyt2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87d714fc088e37880f5f332c86692344.exe
    "C:\Users\Admin\AppData\Local\Temp\87d714fc088e37880f5f332c86692344.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Users\Admin\AppData\Local\Temp\87d714fc088e37880f5f332c86692344.exe
      C:\Users\Admin\AppData\Local\Temp\87d714fc088e37880f5f332c86692344.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2300

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\87d714fc088e37880f5f332c86692344.exe
          Filesize

          82KB

          MD5

          7eb0fada8b423464f493e2c114bf1b48

          SHA1

          6dcdb4e708954e9fed867ab5a5bfeb7f77fed852

          SHA256

          cd37ba330f06f74c13ef638a58d98969bb7d89ff23497b6fee1e0c228dbbd880

          SHA512

          8813dd957f720cfd554f2d4cb0c3b08644496470ae6b8b79dbcf07f2621bc667088543b1f8652831aaf4804669558c8f4c7b52855f343b2a0cd6a99716669f18

          Download Submit

        • memory/2300-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2300-14-0x00000000000E0000-0x000000000010F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2300-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2300-25-0x0000000001500000-0x000000000151B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4080-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4080-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/4080-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4080-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download