Overview

overview

7

Static

static

3

b9c0bf4a0e...f5.exe

windows7-x64

7

b9c0bf4a0e...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 21:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b9c0bf4a0ec216073e6c3f8eeab5c6f5.exe

  • Size

    907KB

  • MD5

    b9c0bf4a0ec216073e6c3f8eeab5c6f5

  • SHA1

    72ce36238b2a9cc505ae9dbefb8d021cf14e2631

  • SHA256

    3d52f0cb4ff055822197c80851c9a9e9ad2db88326cc89ce9589d269e99bd5fc

  • SHA512

    d45dd602931d718bd0e2e393a36f0df4c7a0c2591076c9a1df167a621e10203e2ca7dadd98227f5acaa321e4658f78df8a27e486788fc281217733c2e41c339d

  • SSDEEP

    12288:uaFvd13SazalEc1cnjs0QLxsxwLK9YqAqAn/nRUYbZULHcT7jVDa/ZS1:uMd13WGc1cdYKw+SqzW/RUIGqa/ZS1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9c0bf4a0ec216073e6c3f8eeab5c6f5.exe
    "C:\Users\Admin\AppData\Local\Temp\b9c0bf4a0ec216073e6c3f8eeab5c6f5.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:5052
    • C:\Users\Admin\AppData\Local\Temp\b9c0bf4a0ec216073e6c3f8eeab5c6f5.exe
      C:\Users\Admin\AppData\Local\Temp\b9c0bf4a0ec216073e6c3f8eeab5c6f5.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1352

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\b9c0bf4a0ec216073e6c3f8eeab5c6f5.exe
          Filesize

          907KB

          MD5

          1d74dd8809ea04ee276cccf207fb3feb

          SHA1

          0aca4da2c09fafa711a5a4ca5715601c02875bef

          SHA256

          441c2b94006a64525478180f5dcb48d5741ad9014c0bdf39bb91b543b37aca68

          SHA512

          3cb4e43d6178551ca9ab10d9b2ab2782ab0521135bce51d452e6025fcb5a76349b1919b225eb0d6ccc5bf39b18b21c0f49701b1a53af6040f2f7f4ec7fbe8154

          Download Submit

        • memory/1352-13-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/1352-14-0x0000000001870000-0x0000000001958000-memory.dmp

          Filesize

          928KB

          Download

        • memory/1352-20-0x0000000005100000-0x00000000051BB000-memory.dmp

          Filesize

          748KB

          Download

        • memory/1352-21-0x0000000000400000-0x0000000000498000-memory.dmp

          Filesize

          608KB

          Download

        • memory/1352-30-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1352-36-0x000000000B800000-0x000000000B898000-memory.dmp

          Filesize

          608KB

          Download

        • memory/5052-0-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/5052-1-0x00000000016F0000-0x00000000017D8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/5052-2-0x0000000000400000-0x00000000004BB000-memory.dmp

          Filesize

          748KB

          Download

        • memory/5052-11-0x0000000000400000-0x00000000004BB000-memory.dmp

          Filesize

          748KB

          Download