Overview

overview

7

Static

static

3

8faf62bc8b...cb.exe

windows7-x64

7

8faf62bc8b...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 17:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8faf62bc8bbd3dd922f757660d2685cb.exe

  • Size

    82KB

  • MD5

    8faf62bc8bbd3dd922f757660d2685cb

  • SHA1

    8a653ae5d1e160e008a7d6e74a5f2cef1f70c021

  • SHA256

    1a5be96ad81ac90b204c82cebef456e06c23d8c5881099d45aa2cb24a99df1cb

  • SHA512

    1e1c251b5037cafec6fb7181cffe79ba68253b789b2b0ff8f86ccc366dc6bac78d18596c7f9607d95a963e54145e082c04f1ca8ba0abe088d04cbae22a7939ef

  • SSDEEP

    1536:rl8zNNvssdCkhJQ6yuylRnr4uaz5+6b4iIKLqu/NoZOdN73iyP1+ZIz+z4zTcc:SDvIkDQ6ylBcXzU0F/NhdVV07q

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8faf62bc8bbd3dd922f757660d2685cb.exe
    "C:\Users\Admin\AppData\Local\Temp\8faf62bc8bbd3dd922f757660d2685cb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\8faf62bc8bbd3dd922f757660d2685cb.exe
      C:\Users\Admin\AppData\Local\Temp\8faf62bc8bbd3dd922f757660d2685cb.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2372

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\8faf62bc8bbd3dd922f757660d2685cb.exe
          Filesize

          82KB

          MD5

          d963383e395f50f0b5c1027211ebf830

          SHA1

          78bd370213535af467158b931e2af6c4c9f3713c

          SHA256

          cc5e9aa38efa6ff10bd4bc92abe5e7efd0ec6f499de727a03945b6daa49bc660

          SHA512

          837d0d1ed2f13caf03dbb66fe5d33cd2ef72dd949e286c7f537b3b8577d4e6b408f84c13664a252e43aafbf96d934630162172f4350c6ad5044fdf86b8a90dd4

          Download Submit

        • memory/2228-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2228-2-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2228-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2228-12-0x0000000000190000-0x00000000001BF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2228-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2372-18-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2372-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2372-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

          Filesize

          108KB

          Download