Overview

overview

7

Static

static

3

b4670f301c...80.exe

windows7-x64

7

b4670f301c...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4670f301c6833dfb1fed1949a94ad80.exe

  • Size

    4.2MB

  • MD5

    b4670f301c6833dfb1fed1949a94ad80

  • SHA1

    7db0c6fa6d2ed6a96e288536daa5119b6e4dc4c4

  • SHA256

    c9fb9690dd28e30cc157ae7995a3590f2e13a8387d3126e53ec5173d427249b9

  • SHA512

    fe68df441756800a317c04daee4463a88d1909d869eb387304fe63224e20de886582f704ad5384df14a9efc148022250fab00b639c3f6148a0cf2fa3d4b8b442

  • SSDEEP

    98304:emhd1UryefTcX9F+OvvsCVLUjH5oxFbxCVLUjH5oxFbx:el/QEOHpVUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4670f301c6833dfb1fed1949a94ad80.exe
    "C:\Users\Admin\AppData\Local\Temp\b4670f301c6833dfb1fed1949a94ad80.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Users\Admin\AppData\Local\Temp\80E8.tmp
      "C:\Users\Admin\AppData\Local\Temp\80E8.tmp" --splashC:\Users\Admin\AppData\Local\Temp\b4670f301c6833dfb1fed1949a94ad80.exe 8C468758BA2FCC8ECA9BA33253559D81B698AD85217E19D073C0FE6AD17815C69B2368D714B890BF645EC68E3C50E5F4B2AE0B63B30A20051FC41F68AB00ECF9
      2⤵
      • Executes dropped EXE
      PID:3832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\80E8.tmp
    Filesize

    4.0MB

    MD5

    478b79a75ef9548652804b4b177faf36

    SHA1

    d8a379dcfe08d6f14c966988fe419bb6636cdc90

    SHA256

    5622f52511e8c23984b02ab4c531bfea9395e1b1b61238de5083bc181a40c7a9

    SHA512

    70afb2e5ffed7dc6c5d717e35c143b556646db634f793d7e273f118fe512dd50c777dedba2f549f408a0a5d1da756142155bb515d701fa063dc83bcbad4ac468

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\80E8.tmp
    Filesize

    3.8MB

    MD5

    50c0120b1348d8858a01223ffcdb57be

    SHA1

    9496584b8774db1e0c28b835c03ee02dccc3a313

    SHA256

    157b4a4ab8780374715ca0fb75a0a4d6d09afbb0320139d9215ea699dc857758

    SHA512

    848c2b54022508613120a1a11b2c900b3d0dd860b8f22a1bf5d9a65c3267a55b375be1e2ae6c45a281fcc16a5b3091d0ce11509c76628249056bf10abe231e73

    Download Submit

  • memory/1900-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3832-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download