Overview

overview

7

Static

static

3

a397b30b10...dd.exe

windows7-x64

7

a397b30b10...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-02-2024 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a397b30b1023379e88a570dddc023ddd.exe

  • Size

    385KB

  • MD5

    a397b30b1023379e88a570dddc023ddd

  • SHA1

    548e456361fc1e37e6f86b298070cf575bbddb68

  • SHA256

    406c7211ff817191aeb3368c838fb4de7879f2b2aaf1df5af531ce86ef0f5cdd

  • SHA512

    025cd3e5f275434f5ca610ac231d8b52ab9cd1b0dfd8b2ff192cad326b7c52827b246f1b9f95f4dc22be12103c699abbdf889d173df4e1b0bde71f45d2a25c71

  • SSDEEP

    6144:qIwBb1SMIUpj4FK9jel5dFTlB0ATfZt8CK7oClsRyUxfsVmB:7g4MyFUCTd3B5837oCSysXB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a397b30b1023379e88a570dddc023ddd.exe
    "C:\Users\Admin\AppData\Local\Temp\a397b30b1023379e88a570dddc023ddd.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Users\Admin\AppData\Local\Temp\a397b30b1023379e88a570dddc023ddd.exe
      C:\Users\Admin\AppData\Local\Temp\a397b30b1023379e88a570dddc023ddd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a397b30b1023379e88a570dddc023ddd.exe
    Filesize

    385KB

    MD5

    e400ae4fdd0f856234e3b94c7ba686d5

    SHA1

    8367a5ffc28bb987f06b0cbbfbe028ed4b59ec32

    SHA256

    e395114ab0c3636381f7d3caddf1c21d588d16e07b582e89071f9c7631dcfd07

    SHA512

    14adb6ca54a676dbed0cf9f9a3cbcea093390da859287badcaf1db9b7a5b8ea8c0e1cdeab26f9ceeab97bd0ef3bb49a9e36f30ebd7a6d3ab37d0d127bfb6150b

    Download Submit

  • memory/1836-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1836-14-0x00000000015D0000-0x0000000001636000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1836-20-0x0000000004F00000-0x0000000004F5F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1836-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1836-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1836-32-0x000000000B600000-0x000000000B63C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1836-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3868-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3868-1-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3868-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3868-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download