Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/02/2024, 03:02
General
-
Target
a3df6e2031984aeea329fd145faa0d08.exe
-
Size
476KB
-
MD5
a3df6e2031984aeea329fd145faa0d08
-
SHA1
e0b243674f7233731e2d6dc45274f3b667c2af10
-
SHA256
f04acfe875191a4ddb25e7307648eb5fbf910e14032094fecfdd9de94e953327
-
SHA512
48c50979b3f3ba8022c56106e12dedca83476fe7a58d598fdbfa6650c0db9de554826178c8d1b7430425d4b71341f35e3a995fe32882a422f29393480acfdb59
-
SSDEEP
12288:aO4rfItL8HRN+PA76ea17GHF9r9ltq1SH8ygQ7K9wlsDpVFd:aO4rQtGRecFc7GHF1KyR+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a3df6e2031984aeea329fd145faa0d08.exe"C:\Users\Admin\AppData\Local\Temp\a3df6e2031984aeea329fd145faa0d08.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3A52.tmp"C:\Users\Admin\AppData\Local\Temp\3A52.tmp" --helpC:\Users\Admin\AppData\Local\Temp\a3df6e2031984aeea329fd145faa0d08.exe 8127AE04B720D34E576E73153ABBBB7C7369D8707CD06170F128750C4E4BA91C98A588A18901D83E7ED6178140CC17DCE7286CE32148D9DAC8A435D8A6AA28662⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5e3995150ef7274755c75f7c5e64259ab
SHA1322479e6a358db1ab6c8cfbfed26e9e77260eace
SHA2567a251d5aeee69240865564866ca1553e41688fe731b8df6df5c23d4502e9f73f
SHA5124b7e8c8ef29b39260b8e03e1432ad02384eb6d4d77fbe0fcc8f2365e968f4a52f7762c208d5df0b29241ce45e2835ecb2db6878e2ee700524a44a18783f2a659