bf33cf484d1a62c8b7fc916e689a095c2a65be6cbdc7fb7dff49ef20de3be6b2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67c699e5699abb7dfa7bbe83d99cb37a.exe
Size

19.1MB
MD5

67c699e5699abb7dfa7bbe83d99cb37a
SHA1

b32acd98faba40b05c3b43d156ae1a7296744fb2
SHA256

bf33cf484d1a62c8b7fc916e689a095c2a65be6cbdc7fb7dff49ef20de3be6b2
SHA512

39a8b0d3e614becd3dfbbfd54e300784d641e778fbe8a3f99b46ce86238b9f4bc45ed61f30a13d5e3f6848b288e36d58b981175ce956ec0786e3863b2774f639
SSDEEP

196608:+XM5XB5CMhUyhdvjYGEw1LN//ikQ/V/AY+ZVRwaa9tsi13q25iw7:+4DCMhUyh5jFEwvk/1yRwaaEif577

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
18	raw.githubusercontent.com
19	raw.githubusercontent.com

C:\Users\Admin\AppData\Local\Temp\67c699e5699abb7dfa7bbe83d99cb37a.exe
"C:\Users\Admin\AppData\Local\Temp\67c699e5699abb7dfa7bbe83d99cb37a.exe"
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-0-0x00007FF63B050000-0x00007FF63B97F000-memory.dmp

Filesize
9.2MB

Download
memory/1880-1-0x00007FF63B050000-0x00007FF63B97F000-memory.dmp

Filesize
9.2MB

Download