Overview

overview

7

Static

static

3

8e1aa0c1d5...7c.exe

windows7-x64

7

8e1aa0c1d5...7c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e1aa0c1d5f3ce593dab994ea70fac7c.exe

  • Size

    105KB

  • MD5

    8e1aa0c1d5f3ce593dab994ea70fac7c

  • SHA1

    b4b2cd399b50960982138cb82704b87fd2e0ba8a

  • SHA256

    6e4cd20f9ad2a0a86286c5a5cff471a7dbff00ae36a84906881479bf1dc6423b

  • SHA512

    ca86769d4584a8474ff234bc010317659ba717523ad524273247e5d056566bc95a1abaf630f7517c9d2376dcdc4f6d37bb0f4b1628e021dcb86a407b09cd7141

  • SSDEEP

    3072:ApV6fFJYsYufO3bn9eHtd2UXA8flS9IkJspW9i:ApV2FJ8ufyn9eNoUw99I2sY4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
    "C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
      C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
    Filesize

    105KB

    MD5

    84fabb493c646414a340a66feadba039

    SHA1

    a8611448e23659ad3a65c93d3ac66c702030a1dd

    SHA256

    837afd84b3d4762dfa93a12aac26554ebc0ab3518e97e18cefad3a6b3180faf7

    SHA512

    7baa4d55b39ea55af120a7f6928a1fd51687979c963bcc1dedf893a75a48c94889d5e2b499afd8fe5863fe23299d20ddbd62a958e4cbc0b14b840dc17c2ed4da

    Download Submit

  • memory/808-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/808-15-0x00000000000E0000-0x000000000010F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/808-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/808-25-0x0000000001500000-0x000000000151B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2492-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2492-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2492-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2492-12-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download