Overview

overview

7

Static

static

3

8b1eb836ea...e2.exe

windows7-x64

7

8b1eb836ea...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b1eb836eafa76a6ace9a67b265424e2.exe

  • Size

    1.9MB

  • MD5

    8b1eb836eafa76a6ace9a67b265424e2

  • SHA1

    63c739f43fee83a9b90d0d3cb40031ffcbc34103

  • SHA256

    fbe03f5d280dba249a68ae54ebdb8bb44015d976d9f5569191d06066cdcf58ec

  • SHA512

    7d59ebc60d016915d2b82827504a9a1771210f18419744d36f1e2838af1033ba384a7a9c910cfc9dfb9af51e119bddb68582db59fc9c856a2a92b75e15cb6fb5

  • SSDEEP

    49152:Qoa1taC070d/uuhvE/L6fP9+SV80KoQ2Q9sL:Qoa1taC0gNhs6fP9+wblQPsL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b1eb836eafa76a6ace9a67b265424e2.exe
    "C:\Users\Admin\AppData\Local\Temp\8b1eb836eafa76a6ace9a67b265424e2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\5052.tmp
      "C:\Users\Admin\AppData\Local\Temp\5052.tmp" --splashC:\Users\Admin\AppData\Local\Temp\8b1eb836eafa76a6ace9a67b265424e2.exe 354A9F9A84AA53884C44E458EEA4079A4B96707A18F3A0D70748EFC275600A854E58C5A9FA8F6FD58A5B335CC7FAF4F74D3B65304D73DD8F8A73201844C2DE70
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5052.tmp
    Filesize

    1.9MB

    MD5

    48dfeed112b0b37e7365c3b1c6da043d

    SHA1

    5b05bbf10d7bb2f6b03a1a876f360e2f6468005d

    SHA256

    4183b5181f67459758bd93ab9afc9c49df46e4b3e6921a83655fb208cbbbad63

    SHA512

    ac04d1410ee39d28a0015ddca787cb4ef5b658ed1d78ca51011717362636d6da82e45c57f3aefe9935b4c2bfde4f3be6715cac714c7542b8aceb68535c2c9f57

    Download Submit

  • memory/896-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3172-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download