Overview

overview

7

Static

static

3

900e0874ac...fa.exe

windows7-x64

7

900e0874ac...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 20:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    900e0874ac644cb6dc043d953c89a6fa.exe

  • Size

    57KB

  • MD5

    900e0874ac644cb6dc043d953c89a6fa

  • SHA1

    7fbfb91142a7d76d761e454fda15642c3ffaa472

  • SHA256

    72ec13498264a419837f393804fcdebc3d2996a499a5f409e519f80c9f66b1e3

  • SHA512

    fb96eb297cc1bc23450be9d42818b5eef1ceaf4042c67eefb19ab000b6c30eec4f3263c480eb9df11dbcbf76b9c44180ca1754bc9edbe233c4655a3f75ed9beb

  • SSDEEP

    1536:qwzT9AgyEu6UzWyDBpkDmgY6dtr0/KHQgyVba:WgABCDmCtrB0V+

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\900e0874ac644cb6dc043d953c89a6fa.exe
    "C:\Users\Admin\AppData\Local\Temp\900e0874ac644cb6dc043d953c89a6fa.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\Users\Admin\AppData\Local\Temp\900e0874ac644cb6dc043d953c89a6fa.exe
      C:\Users\Admin\AppData\Local\Temp\900e0874ac644cb6dc043d953c89a6fa.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4500

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\900e0874ac644cb6dc043d953c89a6fa.exe
          Filesize

          57KB

          MD5

          35978853fc2f5db52ece60320c8895bd

          SHA1

          0765a7155b3449ae3c51fe315005ccb87c98cc54

          SHA256

          690bb614ef12bf92279eadffa370c56ee0f9f4af18661b4b3baf887cfc6001b3

          SHA512

          cfbbbfc87c2464a2bcbdc2b1db48d4cca8f3b85f270a1cd0df63ca7e51f4bbcef9e45f657a6f4a959de94cd02eff3e35c9167a7c5c49ae39afb9ef50f972d2c7

          Download Submit

        • memory/664-0-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/664-1-0x0000000001500000-0x000000000152C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/664-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/664-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4500-19-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4500-25-0x0000000004D80000-0x0000000004D9B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4500-24-0x0000000000190000-0x00000000001BC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/4500-14-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/4500-13-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/4500-26-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download