Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    22-02-2024 23:28

General

  • Target

    858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.exe

  • Size

    714KB

  • MD5

    7727963efc8200f92940631f9d78a872

  • SHA1

    54fe7f1c71139b3d6d41bcad47798a3f7eb8cd0e

  • SHA256

    858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913

  • SHA512

    cc005701158c0984fe07b60c4f73db69d4d4ece57559b6410de7a541e42b9409595a32ecded3fcbd33247d31d9f06d6d6aff25118a90cf16284430083017c4e9

  • SSDEEP

    12288:zo01IzLB/XV/JfQqjV+tFHxMfR+G1x2VK8PTkKE2qtFL/MLsJT55:zLMb/5QqjV+tFRMfRuk528L/M8T55

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.exe
    "C:\Users\Admin\AppData\Local\Temp\858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Users\Admin\AppData\Local\Temp\.858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.hisgmfxdvbvtmkvuyprbmicifcmsnohu.__selfdelete__.exe
      "C:\Users\Admin\AppData\Local\Temp\.858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.hisgmfxdvbvtmkvuyprbmicifcmsnohu.__selfdelete__.exe" 268 C:\Users\Admin\AppData\Local\Temp\.858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.fsazrbtfyzoabmqqwuidchckongaedbi.__relocated__.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Windows\system32\cmd.exe
        cmd.exe /c exit
        3⤵
          PID:2688

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\.858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913.hisgmfxdvbvtmkvuyprbmicifcmsnohu.__selfdelete__.exe

      Filesize

      714KB

      MD5

      7727963efc8200f92940631f9d78a872

      SHA1

      54fe7f1c71139b3d6d41bcad47798a3f7eb8cd0e

      SHA256

      858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913

      SHA512

      cc005701158c0984fe07b60c4f73db69d4d4ece57559b6410de7a541e42b9409595a32ecded3fcbd33247d31d9f06d6d6aff25118a90cf16284430083017c4e9