Overview

overview

7

Static

static

3

a2a9b7867e...6f.exe

windows7-x64

7

a2a9b7867e...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a2a9b7867e4ae91b03759f1c3153c0d87415a90358be8ee98ea15edf890c0a6f.exe

  • Size

    433KB

  • MD5

    67ebb6e5cac11fd85031ed93e6958524

  • SHA1

    2fd6cb5f8e67e87e29b11bf609d3eef4a13768f3

  • SHA256

    a2a9b7867e4ae91b03759f1c3153c0d87415a90358be8ee98ea15edf890c0a6f

  • SHA512

    d6c511de9f9804beb9a79d056c01ac9e31edca10b85998d9ff0ca3aa6f2b006961e1e3b87d444d41ccb9f4e52701a31899643b9c021f0af5c9550389a2d23847

  • SSDEEP

    6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtv1S9CS1SE2deWcQv9cvNLFPydIUcPQmn:Ci4g+yU+0pAiv+CILEhQFgnaxmn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2a9b7867e4ae91b03759f1c3153c0d87415a90358be8ee98ea15edf890c0a6f.exe
    "C:\Users\Admin\AppData\Local\Temp\a2a9b7867e4ae91b03759f1c3153c0d87415a90358be8ee98ea15edf890c0a6f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3388
    • C:\Users\Admin\AppData\Local\Temp\C01.tmp
      "C:\Users\Admin\AppData\Local\Temp\C01.tmp" --helpC:\Users\Admin\AppData\Local\Temp\a2a9b7867e4ae91b03759f1c3153c0d87415a90358be8ee98ea15edf890c0a6f.exe 30059617827F7A7A02AAA069D2F192F215FD16B2ABEFD7C017B89E0C2AD88916514F97B81FA160A3BBF7C9DE8FE30BA27DFAFA6156EA40D273AD55F509F94330
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1432
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3820

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\C01.tmp
      Filesize

      433KB

      MD5

      f2f876de4f4b74f9d30d9b94dc8b6e18

      SHA1

      e0e5ede981882f8a84a50d6292fa33059c57bf4a

      SHA256

      f6c1213a8e387bf72934509e555e69de5074c398643a9880caedca101fd51195

      SHA512

      f0840a3cda304a72769e6d3e1746449dd73acbfc7e546776ff1b106ddf172e30b79457616ecb6bcd2d36d95e5bcbdb99c6ace1d04bd1a2a372940e1dabd3f0a2

      Download Submit