Overview

overview

7

Static

static

3

a2b2f7ff9a...74.exe

windows7-x64

7

a2b2f7ff9a...74.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 20:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a2b2f7ff9aadf9e361f48b934838f974.exe

  • Size

    1.9MB

  • MD5

    a2b2f7ff9aadf9e361f48b934838f974

  • SHA1

    772fce04d3e498cd622a7eed55a019f5911a83a8

  • SHA256

    a5025d6d55a2be52f33c8a798b224dd0cf3773899bbd81d3bdbc2c742caccf27

  • SHA512

    9b8d5ad3fded3710eb6276cefc56f9c63a405e921032103feaba54041c0191ef6cd91686fe34453856534e797fc1a7cf61fd826ec8f00bf8bb3e1410bf2f6c2b

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dhnk7c27BOVkwQUPGLCbJCgy3zDarqE1vDZPk:Qoa1taC070dhJicmUPNzrXZBmJ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2b2f7ff9aadf9e361f48b934838f974.exe
    "C:\Users\Admin\AppData\Local\Temp\a2b2f7ff9aadf9e361f48b934838f974.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\5310.tmp
      "C:\Users\Admin\AppData\Local\Temp\5310.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a2b2f7ff9aadf9e361f48b934838f974.exe 7ED6EAE3380FB4DFCE0657447ED78C624E39C450E28A99236D318A83CE80AA847B14C599CD469DF77F6E203E9CDCA7ED1542141BDE001842F734908030CA4745
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2132

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5310.tmp
          Filesize

          664KB

          MD5

          e9e0309eb07ce118a1598522d23811aa

          SHA1

          9c6dd22d46a670c0b74129a2152e7664bc28c853

          SHA256

          4ef8a68ba5adbc6a3a987cbba880ac540330d7853ef7b9bc2f96397fed799dee

          SHA512

          380aa0446726eae31bc30aef01f146090fa07596a3574f64bc9afcd1dbf0e578bb90e3e747a377088babaa797a2dcf65c0d1af7831e8e11400a9d197d96fdba9

          Download Submit

        • \Users\Admin\AppData\Local\Temp\5310.tmp
          Filesize

          960KB

          MD5

          b167228aaede519f1f11c3c5a5a4025b

          SHA1

          d0e6becc27aa6c9c592c50020ae9d694c86f3043

          SHA256

          799f368e28fd6afcd34284a61113af34e90bcbebc73789e4f74f4f56932a9766

          SHA512

          5fe519d04cea3700e0fc2a9032bb399b4978fc84f6347f1bf0e4c13df0fb96f4ff971c83477f996ddb95693c35ffe13f9ba4a1e019d5203a9e0b185967794c51

          Download Submit

        • memory/2132-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2252-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download