Overview

overview

7

Static

static

3

98881b9450...23.exe

windows7-x64

7

98881b9450...23.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2024 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98881b9450089a67dd0c3795781e7123.exe

  • Size

    1.9MB

  • MD5

    98881b9450089a67dd0c3795781e7123

  • SHA1

    bb6324241690084faebae444cbe63242464556cc

  • SHA256

    1e2c08504cbbc3c67942ecc4fa04c54f3ac268f4d62106bd1dd359f7041d3595

  • SHA512

    666c863e2f747a3d80d9f9d054ed122fb6cddfc4a3b68fbcda053069f047223f7827cb73d96bbd5a37eeaa50d412707da0bef398872f5dae3debf0c940e50e90

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dT7xgISJQBHUm8R9loaXoltk+dOx59C1cjBbf:Qoa1taC070dTSS5EDl26AO3I1cj9Q08I

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98881b9450089a67dd0c3795781e7123.exe
    "C:\Users\Admin\AppData\Local\Temp\98881b9450089a67dd0c3795781e7123.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\499E.tmp
      "C:\Users\Admin\AppData\Local\Temp\499E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\98881b9450089a67dd0c3795781e7123.exe 88D813B2A1B4E9AB9FD2B18433783737218CE8E34489D9CDD43B7E6B34383429853FFD191AD44234BF51F5EEB77ADC1C9C562966B181916A6CEE7CF0D4C58CDC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\499E.tmp
    Filesize

    1.9MB

    MD5

    ace5fa4bdeae6ca1282a69c99ce55087

    SHA1

    3352a23ae765023d462dd12cf9c8d86627941d96

    SHA256

    3f565ceb3a382ec3b1092c07f19d20ae0f75f29fad9f5439c3a498c5a9f2a8f5

    SHA512

    75b75515ab8a3d35806b7fd1ec9b3300c688ede3741cabc9e00b01024d962644d6e70a4862122e18f8f75573e33cfe2e8f9d9f28a5b745fb5666de070c46f76e

    Download Submit

  • memory/2092-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3064-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download