Overview

overview

7

Static

static

3

966b0b18aa...b8.exe

windows7-x64

7

966b0b18aa...b8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8.exe

  • Size

    320KB

  • MD5

    88e066f7cf73bfdbd195ed2785b8f980

  • SHA1

    943c546592446c145c9537c8cd09047c37bbf405

  • SHA256

    966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8

  • SHA512

    5e948ab736858d399e271947fde135a0da1c44e05b7a7fc7a8851c9fc483a7bccab6fe38b8899aa3ecfb75d73f7844df764da0328dbe8b7a020de739abf24ffc

  • SSDEEP

    6144:ua5vsij4cfOL52aEsyk8Xeucf53BDu0W7cyqCxSngmMBqfycuPbUl0i5j:ua5YGDk8Xeucf53p80npM4dl0s

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8.exe
    "C:\Users\Admin\AppData\Local\Temp\966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\AppData\Local\Temp\966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8.exe
      C:\Users\Admin\AppData\Local\Temp\966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\966b0b18aa005300c6a2b6feb0e4b7e02d870bfe1924c3245fd939f4e14bc7b8.exe
    Filesize

    320KB

    MD5

    9220345d18f7ae4badc9312dc261b26a

    SHA1

    5259fd83a1d92adcae3a4703e457f9a7e7d49789

    SHA256

    ce0219b04e9c7662b795b61a1aa7e9bdfedb54a16c6625c385d35ea94839dd76

    SHA512

    46019c26fc7a9f75cde862b9e62add4fa111a179e9eda84dc829d362689db4bb697b41116eb829305505bd467ad6ab0c434f9001eda464c0265747e3090cabf0

    Download Submit

  • memory/2528-11-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2528-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2528-12-0x0000000000310000-0x000000000034C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2540-0-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2540-9-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2540-5-0x0000000000130000-0x000000000016C000-memory.dmp

    Filesize

    240KB

    Download