Overview

overview

7

Static

static

3

b4f2bf9ac9...65.exe

windows7-x64

7

b4f2bf9ac9...65.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 14:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4f2bf9ac9db7fe18614b2f38eb4f565.exe

  • Size

    82KB

  • MD5

    b4f2bf9ac9db7fe18614b2f38eb4f565

  • SHA1

    cb6b40cfe1564f98977373cd1f89d8e910838534

  • SHA256

    8b8beb6f8ebbf3e156cc02926ad5e328fa1cec5ffe873b5db215a7bcf477e369

  • SHA512

    f38b06d41331118778b7c076a8c17f35fd67852bd7f606cad66dfac3388ef1db2f01ed95e7765c363e2e4d7b0059994f06a9588b87e49b3fea8452d674d7987b

  • SSDEEP

    1536:evxz6PXH12ZT1coBKArRZRcBHUSRAeHxzE5BIiXB42xf+x:+AV25upArRTcBHQbBIieHx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4f2bf9ac9db7fe18614b2f38eb4f565.exe
    "C:\Users\Admin\AppData\Local\Temp\b4f2bf9ac9db7fe18614b2f38eb4f565.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Users\Admin\AppData\Local\Temp\b4f2bf9ac9db7fe18614b2f38eb4f565.exe
      C:\Users\Admin\AppData\Local\Temp\b4f2bf9ac9db7fe18614b2f38eb4f565.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\b4f2bf9ac9db7fe18614b2f38eb4f565.exe
    Filesize

    82KB

    MD5

    a2dc93da71d898bd1052b087e7eff89e

    SHA1

    6506b193e0ec28a86856d48f0e1807426b4b32ac

    SHA256

    9dfc0f5429c80a5dec3184dfb54180ab813867d76e1aee4395f9bf02db80b30c

    SHA512

    d503125b22010c698b8773c14bf37a014ab0be75687ca08fb05247aa9bb4cacb8525f89194bfb797d0c945ec3d52ab0fdef7ea741154b7be3edf14c17b485e33

    Download Submit

  • memory/1940-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1940-1-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1940-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1940-16-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1940-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2964-18-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2964-20-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2964-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2964-27-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download