Overview

overview

7

Static

static

3

8cf5efeee4...b5.exe

windows7-x64

7

8cf5efeee4...b5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cf5efeee4beab168dd29a7241c0d6b5.exe

  • Size

    82KB

  • MD5

    8cf5efeee4beab168dd29a7241c0d6b5

  • SHA1

    53de2a0b967944d0c5fe3c02b44619619b2f5a80

  • SHA256

    02765e34b125ce779412583d7a310ee899c5025a7c16482a73c2cca6347e62fe

  • SHA512

    83fee4adb41a617c115caef2eeb017f7d9b5340f54669c5ae3188c2e05d54a27f32ebd32078c9236322cfa958b0877f76726c6b42a0a483ddde1c8e3cd682323

  • SSDEEP

    1536:M42vZxg/skWOLmzZumdKqHL6+m0wnohy++MKlC+BL9oAY04eJ:AvZxGskWLNNdKqr6BbnofVKlC+BW0D

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cf5efeee4beab168dd29a7241c0d6b5.exe
    "C:\Users\Admin\AppData\Local\Temp\8cf5efeee4beab168dd29a7241c0d6b5.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Users\Admin\AppData\Local\Temp\8cf5efeee4beab168dd29a7241c0d6b5.exe
      C:\Users\Admin\AppData\Local\Temp\8cf5efeee4beab168dd29a7241c0d6b5.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8cf5efeee4beab168dd29a7241c0d6b5.exe
    Filesize

    82KB

    MD5

    d5346b54198dd9dd354b869f7065745b

    SHA1

    f858d58c4cc436a1a8e4899b646459a8cc218521

    SHA256

    e4e9dadd1ff873f69a421fb48a3beb953b6f54aa6c01f54fedf41b77ff478d10

    SHA512

    39a2d1b1a085411f5a30cbe1d8bd1ffe8496e9c97ccebe9ec8771745ad92a1b62d91bf965dea6417dba331864f09222dea6392d3cf3a1f033e3f4c43f29fb399

    Download Submit

  • memory/1108-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1108-14-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1108-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1108-25-0x0000000004D90000-0x0000000004DAB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4900-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4900-1-0x00000000000F0000-0x000000000011F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4900-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4900-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download