Overview

overview

7

Static

static

3

a23f6d5912...f5.exe

windows7-x64

7

a23f6d5912...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a23f6d59122dd58976617e18c50f52f5.exe

  • Size

    57KB

  • MD5

    a23f6d59122dd58976617e18c50f52f5

  • SHA1

    7d5bbb755d003eacde0dfd5e606d80170e72b5ab

  • SHA256

    d05c8c55e1bafffb5de10d023bd5e516727c14cbb3b0180c7a736c1373d4d2b3

  • SHA512

    9e7797874dcb6543eeb0ca457d9f097ee7fd216afa19428466b00b26a2c21112432b6faa750ba7cfc1504df0fbe4d47d637b74ba57c08590626d4a707c6ed05c

  • SSDEEP

    1536:KHDii962NpgxTO1dI/6CwvUKyR7lHqIkc3KChGFK+9:KxVNp0C7IX7hqIkQfzu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a23f6d59122dd58976617e18c50f52f5.exe
    "C:\Users\Admin\AppData\Local\Temp\a23f6d59122dd58976617e18c50f52f5.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:616
    • C:\Users\Admin\AppData\Local\Temp\a23f6d59122dd58976617e18c50f52f5.exe
      C:\Users\Admin\AppData\Local\Temp\a23f6d59122dd58976617e18c50f52f5.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a23f6d59122dd58976617e18c50f52f5.exe
    Filesize

    57KB

    MD5

    ed9ba5c6a959424683752593945edf10

    SHA1

    f31245244452565907efa218bffb147945b6f978

    SHA256

    98bed94c26b0f216abd4d8fe95681d1bbe7aa6107062a27b6ce6e46ee40725a1

    SHA512

    0ff52d9a2907b1b8483cad62d924e048e36abf0ac75a14eaa5c3f03c29b830688a6a07d056c91c0c734f6ac1cd55a24ca7201aede7047cf51c9f70003e9d2cf4

    Download Submit

  • memory/616-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/616-1-0x00000000001B0000-0x00000000001DC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/616-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/616-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5032-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/5032-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5032-15-0x00000000000C0000-0x00000000000EC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/5032-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/5032-23-0x0000000004D90000-0x0000000004DAB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5032-26-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download