Overview

overview

7

Static

static

3

1c070d4698...36.exe

windows7-x64

7

1c070d4698...36.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c070d4698409c3372de97db54e6ae36.exe

  • Size

    214.8MB

  • MD5

    1c070d4698409c3372de97db54e6ae36

  • SHA1

    a871128e036799aec534195007da071be598b6f4

  • SHA256

    08356bd582cce71e4dfed52e86d3cfc73e764b434f362e564c79364b3c535a17

  • SHA512

    a92d1f2682a79d0ce7119982f347658a71b20803e3077fb496fbf19090922c584d775392635bea32516e6b9c0db2fcaf40c26be6d606784190697e1fad886868

  • SSDEEP

    6291456:fo9uXqpDtoBu5Fhk0WtD/tC7KtWo8/PlA:6TDtWurV/7PoP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c070d4698409c3372de97db54e6ae36.exe
    "C:\Users\Admin\AppData\Local\Temp\1c070d4698409c3372de97db54e6ae36.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\is-1FJRA.tmp\1c070d4698409c3372de97db54e6ae36.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1FJRA.tmp\1c070d4698409c3372de97db54e6ae36.tmp" /SL5="$B00DE,224230648,832512,C:\Users\Admin\AppData\Local\Temp\1c070d4698409c3372de97db54e6ae36.exe"
      2⤵
      • Executes dropped EXE
      PID:4804
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5720 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1640

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-1FJRA.tmp\1c070d4698409c3372de97db54e6ae36.tmp
      Filesize

      3.1MB

      MD5

      8983e941d78847553ee84b0b87f2188b

      SHA1

      f9f9f10a5c99cb8961adc82aa2e5075c48a29cf5

      SHA256

      f0f027b0ee4558fa060736fda466deb12b28e85fbd125b96c4950fdbd697ba6f

      SHA512

      351f6b33ac664394b70d0d202094a6b1aefaf6b8e69a1f9e76d478914d27666ada1064aa21bc55f5399a5b1b8dfd983b05ed788c93896354af4845c5a90349c4

      Download Submit

    • memory/1216-0-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/1216-7-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/4804-5-0x0000000000930000-0x0000000000931000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4804-8-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/4804-11-0x0000000000930000-0x0000000000931000-memory.dmp

      Filesize

      4KB

      Download