Overview

overview

7

Static

static

3

b63c34f5a3...a5.exe

windows7-x64

7

b63c34f5a3...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 02:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b63c34f5a3ea33b45b01850d9f7e54a5.exe

  • Size

    1.9MB

  • MD5

    b63c34f5a3ea33b45b01850d9f7e54a5

  • SHA1

    00eeb321909d9520c2e8c4786d132ec160763f7d

  • SHA256

    b88aca9c3408af00da20862ac5df3fc6b52199226766e2c8d56cb216bba34830

  • SHA512

    4b757aaa9a02a6e2ec12f6288c8be78ac77bf037e0a6db1555dea59679e9926749251a8f6d17e59f45870d8cd1bd864bbedb63dd5bea69e07fa1f0f98d3d6fbb

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10diMSwN2UTBIVo+v33YYI7vnRpIdjSPVOfseyo:Qoa1taC070di29W73YYavRpI50gsreTf

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b63c34f5a3ea33b45b01850d9f7e54a5.exe
    "C:\Users\Admin\AppData\Local\Temp\b63c34f5a3ea33b45b01850d9f7e54a5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\C40A.tmp
      "C:\Users\Admin\AppData\Local\Temp\C40A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\b63c34f5a3ea33b45b01850d9f7e54a5.exe ECF367CD4970F18771499015BABE4078E1BFA2B409C5BDAFDD6E66A07881000C0B2E537D82EE34D4F35CA33E93C9A388566D67BB7F821FD5B12FDB76FEBE67A2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1224

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\C40A.tmp
          Filesize

          1.9MB

          MD5

          f4eb26107fad21ef254190c35401144d

          SHA1

          d4690d4295b58ce141336a6003e8310f1e42ac98

          SHA256

          3718d4b12ec1687f226e4ee7d3999eb8c4fcfd8ca3c4f1b69bc31497166ed485

          SHA512

          1bd7dc8d371ff61f03bc1cae91f9be9a9de8c19b59251c9b173e69fdc63611ccd24f15184117271366e0d5726cce065c866ca0a4377edc10b0dee4ca1c2da9cd

          Download Submit

        • memory/1224-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2080-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download