Overview

overview

5

Static

static

3

b6c412b99e...a4.exe

windows7-x64

5

b6c412b99e...a4.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 06:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b6c412b99ec8db39a7bfd590f52f01a4.exe

  • Size

    22KB

  • MD5

    b6c412b99ec8db39a7bfd590f52f01a4

  • SHA1

    9494638fe2202061d9cd65811f7ebeaea9381731

  • SHA256

    53e0094356fc446e9a0b440eeefae1c21459b8fda0b472a8fc58c0b5e4e10355

  • SHA512

    24e54e9a87ef605b809bcc5472b3a90f0d7245f0ce4a0ff9bf7d40cee5172347893aa5eacb40e24dfd92f39be0013a8b536e49a9ff96d4581dad7fa612f803a5

  • SSDEEP

    384:IAoK0T2pAO2V3de4ORAyR//S8EjEyU/Z61meI1iCJbOlf/fHTQtug5f7XfKIf:Ht0T2Wbe9RndEIyUIe1iMOlf/fHTQP5m

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6c412b99ec8db39a7bfd590f52f01a4.exe
    "C:\Users\Admin\AppData\Local\Temp\b6c412b99ec8db39a7bfd590f52f01a4.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\_deeteme.bat
      2⤵
        PID:280

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_deeteme.bat
            Filesize

            98B

            MD5

            abdfdc9c7b36cd3ffa3efa5995fd66a2

            SHA1

            ec855d9b153d77123ffb0ae6f08dfbcc6a4eb099

            SHA256

            1a2854260b1e74b2b702aa5fc3d748a233d23aa29c1cef8fa50c7b602e331b4e

            SHA512

            8142bedeeb37cc843f96999458fe7cfb5b69d2373e4fea2706b4fa0197031729d7508d7dc31afd00514f845b104c5b583f1a4e013f5b0e7e7ff31d5fb56cd7e7

            Download Submit

          • C:\Windows\SysWOW64\svcos.exe
            Filesize

            22KB

            MD5

            b6c412b99ec8db39a7bfd590f52f01a4

            SHA1

            9494638fe2202061d9cd65811f7ebeaea9381731

            SHA256

            53e0094356fc446e9a0b440eeefae1c21459b8fda0b472a8fc58c0b5e4e10355

            SHA512

            24e54e9a87ef605b809bcc5472b3a90f0d7245f0ce4a0ff9bf7d40cee5172347893aa5eacb40e24dfd92f39be0013a8b536e49a9ff96d4581dad7fa612f803a5

            Download Submit

          • memory/2092-0-0x0000000013140000-0x0000000013161000-memory.dmp

            Filesize

            132KB

            Download