Overview

overview

7

Static

static

3

991b9a12fd...2f.exe

windows7-x64

7

991b9a12fd...2f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2024 09:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    991b9a12fd180af6fed5d26bfa98e82f.exe

  • Size

    1.9MB

  • MD5

    991b9a12fd180af6fed5d26bfa98e82f

  • SHA1

    1bb1258d070e93787e1516f982ff908c14b3407e

  • SHA256

    278e4e0b152f292f24069402042876983f352818aa8e8b8bcf0413e935a7d38a

  • SHA512

    3448649dc5026b7bddb7b260419dd495c6aafb847a7d0988bff8e22760571a948de65b4c8cc0ace16e2b18d661a9956cba1e70839e03b0f83a2eb12a73a4eda7

  • SSDEEP

    49152:Qoa1taC070d1ucn4jAQRugVqNav6CZNXVKp:Qoa1taC0+uc2RvXS8s

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\991b9a12fd180af6fed5d26bfa98e82f.exe
    "C:\Users\Admin\AppData\Local\Temp\991b9a12fd180af6fed5d26bfa98e82f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Users\Admin\AppData\Local\Temp\1D50.tmp
      "C:\Users\Admin\AppData\Local\Temp\1D50.tmp" --splashC:\Users\Admin\AppData\Local\Temp\991b9a12fd180af6fed5d26bfa98e82f.exe 25763FD6708BA0743AD7A835664A5555F8C89628A55953DB85CD2902D5433A0E5FA30F498F3871A7C7372D85890BF8CC050138AA871A87147FD3B32AAE6512B3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1D50.tmp
    Filesize

    1.4MB

    MD5

    b6a9ac381b7c82ea7865bd399a7648f8

    SHA1

    bf365bbf52648916a993a027ac48fa062eb8d04a

    SHA256

    606ba7a2b774c9625d40d3562caaf8909f28d6833438611bc8741aef71547d2d

    SHA512

    dc265d92a864666f770352cddd3578ba8dc4ba14c4cc349116a97958aa3477efb21b45dd271a215ad3452daa7038cb11bac287b5abf0fc5b82b200751a54ed95

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1D50.tmp
    Filesize

    1.9MB

    MD5

    7d7d1d43b941f6817c151d81f4715ee7

    SHA1

    bda3fca0bfd236f7771b4b94b1daeff95024b5c4

    SHA256

    7c676d5090b9260074437f278bb894565acec2445bb584c1925aa034000d9b4b

    SHA512

    89a31bf3b6fd15ca2e721c72811d87a68ad7131714b9f1c4f666eef71b093be6848093e6f79b100f7e9845093364dfa338a210ae48be654ec5e167bee48347e5

    Download Submit

  • memory/1152-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2056-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download