Overview

overview

7

Static

static

3

95bcae3ed6...d6.exe

windows7-x64

7

95bcae3ed6...d6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2024, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95bcae3ed639a247c35279f7712507d6.exe

  • Size

    1.4MB

  • MD5

    95bcae3ed639a247c35279f7712507d6

  • SHA1

    423cc5791a4c5fad90a94147f5af343300884b5f

  • SHA256

    c262ce82a42780fb6e835f396ed44e8258b3890dc470facc67d0baaa09f3dfb9

  • SHA512

    00bca44dc5eeed0c88e182dfc27138511a9dee6c39614c11738078a4a32ffc9a4e1ca3578e63e63537229a6d63d7185bf17b2f1a943be79cd2898b1a8099063d

  • SSDEEP

    6144:pirhh5K8GHwvN5RbNPsuvyF6sg+cyMJg8ZFipp644mj3hl0JQBPln:+h5KZHwvN51dyzgvHJgR64R3P1n

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95bcae3ed639a247c35279f7712507d6.exe
    "C:\Users\Admin\AppData\Local\Temp\95bcae3ed639a247c35279f7712507d6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3480
    • \??\c:\avmon.com
      c:\avmon.com
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: GetForegroundWindowSpam
      PID:4496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\avmon.com
    Filesize

    1.4MB

    MD5

    97b08026452326aeaa21fbaf1d4bd7aa

    SHA1

    c05bd318ef571f3d7ef6a280b51156994c3d5724

    SHA256

    fb927af574640e25c9001859f588d049af8aad22af0934b4cbb628c732b23924

    SHA512

    00b0515b4d9a77f4865f4b9111667c5be1baa5376f7c27fd12f77a915c9ad8893f97e1710b7463f9aa7eda3f45f632cf2de87213bb947bb7aa07996d55983f76

    Download Submit

  • memory/3480-0-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3480-9-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/4496-8-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4496-10-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/4496-11-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download