Overview

overview

7

Static

static

3

8a1513f608...32.exe

windows7-x64

7

8a1513f608...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2024, 17:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8a1513f608c053c48b7fe97512dcba32.exe

  • Size

    1.9MB

  • MD5

    8a1513f608c053c48b7fe97512dcba32

  • SHA1

    5f5c679d63b66b93a70214f9f6d98da4b5aae2de

  • SHA256

    3bf986cfb4b6f60ff74394b72a6e3fe64deb7300eb560d0efeba1fbb614161c7

  • SHA512

    d19a61431c0cf064874457d21efe42950fba42979922f3058540e972708fc3c2afffdc16524dc8d16cd5b2940ec166f4e232e7d680c2d14f47323f22dffc9d21

  • SSDEEP

    49152:Qoa1taC070dP85bW+O28M3LR8b4bjw9JkjDiguQdrn:Qoa1taC0FbOEOG8/kjDig3drn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a1513f608c053c48b7fe97512dcba32.exe
    "C:\Users\Admin\AppData\Local\Temp\8a1513f608c053c48b7fe97512dcba32.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4708
    • C:\Users\Admin\AppData\Local\Temp\7261.tmp
      "C:\Users\Admin\AppData\Local\Temp\7261.tmp" --splashC:\Users\Admin\AppData\Local\Temp\8a1513f608c053c48b7fe97512dcba32.exe 1412071773637780188E435E4E33CA2C84B42495B4B0DF7D100790E5F6CE09203D9D26B34ED74B08E16D84718E740A2CA729D07086821B0417F876CD61AB0874
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1748

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7261.tmp
          Filesize

          1.9MB

          MD5

          0952c97fa95091dac8e777dfe3a904c7

          SHA1

          62f4584e4fdbc8af09d7d119f76767f1c1b1bded

          SHA256

          8c5f6b5d15cbf9554540a24da74ec5a0dca5236dcff71be025cb4d9bf54beb41

          SHA512

          69fb0ee67ba67514f36c73cb04893199cf43a7205ea9748c531c7f630a835552e8dab1da33bbe333f61291bf0127ae4ed0933a1577f256620b5a229778c53262

          Download Submit

        • memory/1748-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4708-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download