Overview

overview

7

Static

static

3

8b1eb836ea...e2.exe

windows7-x64

7

8b1eb836ea...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b1eb836eafa76a6ace9a67b265424e2.exe

  • Size

    1.9MB

  • MD5

    8b1eb836eafa76a6ace9a67b265424e2

  • SHA1

    63c739f43fee83a9b90d0d3cb40031ffcbc34103

  • SHA256

    fbe03f5d280dba249a68ae54ebdb8bb44015d976d9f5569191d06066cdcf58ec

  • SHA512

    7d59ebc60d016915d2b82827504a9a1771210f18419744d36f1e2838af1033ba384a7a9c910cfc9dfb9af51e119bddb68582db59fc9c856a2a92b75e15cb6fb5

  • SSDEEP

    49152:Qoa1taC070d/uuhvE/L6fP9+SV80KoQ2Q9sL:Qoa1taC0gNhs6fP9+wblQPsL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b1eb836eafa76a6ace9a67b265424e2.exe
    "C:\Users\Admin\AppData\Local\Temp\8b1eb836eafa76a6ace9a67b265424e2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Users\Admin\AppData\Local\Temp\8517.tmp
      "C:\Users\Admin\AppData\Local\Temp\8517.tmp" --splashC:\Users\Admin\AppData\Local\Temp\8b1eb836eafa76a6ace9a67b265424e2.exe AD6E213A2FB9588BAE1E70644F132A7381850DB0D32F32D73D140E942829BE1D8C3FAB803E7A8C68C6A1526EEF29D41ADEF7F0FE0B95D97989E88230A478C6A0
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\8517.tmp
    Filesize

    1.9MB

    MD5

    40e08038bd437e8403631e44b84f3f6d

    SHA1

    08a15806ce27c2e90c4a8ee28a9934079751a351

    SHA256

    c4cce726618cbf51f7477c2b309fbdae546841a1923c8632fbc13b3f92a10ad2

    SHA512

    5082e8b4015713fca3a6ef63f953ae8a1bcd1321baf896803a1aff8207326c65c5030f82e96de35c593ccefdeafc00514d7705b6f0cbdf91da9dcf9746025b63

    Download Submit

  • memory/2448-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2984-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download