Overview

overview

10

Static

static

3

a65053c661...fb.exe

windows7-x64

7

a65053c661...fb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-02-2024 12:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a65053c661862e925484ecade1c4e2fb.exe

  • Size

    3.3MB

  • MD5

    a65053c661862e925484ecade1c4e2fb

  • SHA1

    ea6a29adbb18401406c321111b19a9ba6b924df8

  • SHA256

    06d12abdce3168f51a9e38d712b767bbf211d71553c74b33b5c79005c771d2c6

  • SHA512

    376c231c54175d65770015e3f033cb7702a7685e95df91940bb01c8ad62c4754e38ded3f81f2bee68829f5df308a2198795b37ffaebaf87ff20579a9e92163ef

  • SSDEEP

    98304:0UtJ2Y59CRpIaY8QQTJ6a24d6Yd4S+D845wVmE8G4T2O:0cORph/Bd4r845wVmE94Tr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a65053c661862e925484ecade1c4e2fb.exe
    "C:\Users\Admin\AppData\Local\Temp\a65053c661862e925484ecade1c4e2fb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Users\Admin\AppData\Local\Temp\a65053c661862e925484ecade1c4e2fb.exe
      C:\Users\Admin\AppData\Local\Temp\a65053c661862e925484ecade1c4e2fb.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a65053c661862e925484ecade1c4e2fb.exe
    Filesize

    1.9MB

    MD5

    780d80aa92e771f3298d6e9c9493aca0

    SHA1

    b0b65f3400c268ac2be12e737888b6893c561750

    SHA256

    1e1dc09cf91e52bdb7f29542fbeefb4bfe0c43390eaecc2b29c47b3cf372ab6b

    SHA512

    bfe4daad1f2077f444e35543db42bf926b8748a29779a0dbd3019b65487d641c994a1ad6cd876647fe94b7ffd4d901aaa2aa6361719103edcdbe57480582c1c1

    Download Submit
  • \Users\Admin\AppData\Local\Temp\a65053c661862e925484ecade1c4e2fb.exe
    Filesize

    2.3MB

    MD5

    afe0f871c1339ce5a12aac2f2aefe64f

    SHA1

    38c018696d40b961fae25b03271b313cf1eaa049

    SHA256

    f8b23023b25f02e0f9275b036c0af59fbdd643b0fc200a9894e7710dd6c63fb5

    SHA512

    53feb6d3eac7203150e758d25b5be73d6cd00dfabf66401ceb7744363b2fef228275a854a7c3068521224bc5bbd3eb0dbd50e9c81ef4e87f6a1a54329e5154e9

    Download Submit
  • memory/936-0-0x0000000000400000-0x0000000000877000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/936-1-0x0000000000400000-0x000000000064D000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/936-2-0x0000000001AD0000-0x0000000001F47000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/936-14-0x0000000003D30000-0x00000000041A7000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/936-13-0x0000000000400000-0x000000000064D000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2512-16-0x0000000000400000-0x0000000000877000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/2512-18-0x0000000000400000-0x000000000064D000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2512-17-0x0000000001AD0000-0x0000000001F47000-memory.dmp
    Filesize

    4.5MB

    Download
  • memory/2512-23-0x0000000000400000-0x0000000000640000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2512-24-0x0000000003720000-0x000000000396D000-memory.dmp
    Filesize

    2.3MB

    Download