Overview

overview

7

Static

static

3

b86956d1e7...30.exe

windows7-x64

7

b86956d1e7...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b86956d1e795442c5c37665c74833430.exe

  • Size

    385KB

  • MD5

    b86956d1e795442c5c37665c74833430

  • SHA1

    ad2756166315fb9d9d1d1b096fcd406f4eebfae5

  • SHA256

    06e83dca3c87f0fb3746ff704ad306728ed7577fa78a3485e8abbc41be183df4

  • SHA512

    dc9da340fb838d50765d3b260d7481f4677b70c71e00f4795f74822feb7fe955cf05bdfdf579f7c9197dae9384673d0665292a7315b0093d964397b7e02b9672

  • SSDEEP

    6144:UEgyT/3xRAzvEVV2vC2yPQPRqxyDAlnxeewR/3JvOuzsZTEkjlsrKRA78BY7+rXE:iyczUCqxnls51OuzmhfBa+rX+B

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b86956d1e795442c5c37665c74833430.exe
    "C:\Users\Admin\AppData\Local\Temp\b86956d1e795442c5c37665c74833430.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\b86956d1e795442c5c37665c74833430.exe
      C:\Users\Admin\AppData\Local\Temp\b86956d1e795442c5c37665c74833430.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\b86956d1e795442c5c37665c74833430.exe
    Filesize

    385KB

    MD5

    cedbb2dab679632a3490946f82289fba

    SHA1

    b82077f5f4fd8c33dccaa683ed30101bb76b5ea5

    SHA256

    77debfb81e4af8dd679e96467126cd5ff0f8ec0d1ae945f6ff0d1aa74c9e49fe

    SHA512

    fa6b96d806ca117736cb48b2b85e9bce772a6240d792abf9568ca0dfb22b6a862c4c4c3687210e01c017a644a5eee81b87cafdc5dc46170c39c337c06e51bd09

    Download Submit

  • memory/4328-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4328-15-0x00000000015D0000-0x0000000001636000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4328-20-0x0000000004E80000-0x0000000004EDF000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4328-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4328-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4328-32-0x000000000B600000-0x000000000B63C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4328-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4392-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4392-1-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4392-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4392-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download