Overview

overview

7

Static

static

3

f7b25bb6e2...fb.exe

windows7-x64

7

f7b25bb6e2...fb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.exe

  • Size

    1.8MB

  • MD5

    bf1bba9cdc06dcab026cee343d6a1ea3

  • SHA1

    cbf6c3576a89fc326c8b68febe9bdac92fbf26b0

  • SHA256

    f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb

  • SHA512

    4c2e1acee3381112fe42b7841e153f358b159066e41c50f8ceec80d4c23aec002674ff12b2df81126c70a2d4922ea4fd86178d8d1cd5b5cc880733ce9cd5cfdb

  • SSDEEP

    24576:x7FUDowAyrTVE3U5F37xA5iu8Y0FPe1s8IUsFvRdNOItq8+KQ6Oi:xBuZrEUHm5kYlzFsFZegr7Qo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.exe
    "C:\Users\Admin\AppData\Local\Temp\f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Users\Admin\AppData\Local\Temp\is-BV1JP.tmp\f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BV1JP.tmp\f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.tmp" /SL5="$D01D2,1016077,843776,C:\Users\Admin\AppData\Local\Temp\f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.exe"
      2⤵
      • Executes dropped EXE
      PID:4888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-BV1JP.tmp\f7b25bb6e2475dc4c8c5e4d5570c26935875ff67ec176e1e010e3c001c0d78fb.tmp
    Filesize

    3.0MB

    MD5

    2a180252267d0e6861ff0d865ff1a314

    SHA1

    02f6b383068982853ade1bd60767425df5639676

    SHA256

    f10f01c6619908ed0ec0ed012f1212f19deca8f0d74512725268db679f205925

    SHA512

    49dd8d7051dcf34ef81c1d62aed916c35365fb6cbd02f5b31a0844380cbbfebf4a98abf6181904bbf41a63e6788e42e0771440110917ff7c5599b10b9bc3fec9

    Download Submit

  • memory/3116-0-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/3116-7-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/4888-5-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4888-8-0x0000000000400000-0x0000000000716000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4888-11-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download