Overview

overview

7

Static

static

3

b8f476ee71...d7.exe

windows7-x64

7

b8f476ee71...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8f476ee71f8d88a09d905af072da5d7.exe

  • Size

    744KB

  • MD5

    b8f476ee71f8d88a09d905af072da5d7

  • SHA1

    b7dbdf72b10a82ae81bdb3995ac01adb92f0489b

  • SHA256

    ebf18604f74166bf0573a87aed5db30863a3689a06ec95bbe523ac7d4c768e71

  • SHA512

    1fe5f5c046d33e95328de276a76662487e88d94f2774d3316f9c5fad80344ee8e4bf175eab935f9cc6f74658111d06c56603e91f97bddc058c6e6d9b7cdb23be

  • SSDEEP

    12288:uaHc64b888888888888W88888888888KjscV7TdjL47zdU5im/XPTI33rD+zG/ov:F86DIW7uvmQ0XLWezG/aYFkJR30F6rpb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8f476ee71f8d88a09d905af072da5d7.exe
    "C:\Users\Admin\AppData\Local\Temp\b8f476ee71f8d88a09d905af072da5d7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3452
    • C:\Users\Admin\AppData\Local\Temp\is-97G8K.tmp\b8f476ee71f8d88a09d905af072da5d7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-97G8K.tmp\b8f476ee71f8d88a09d905af072da5d7.tmp" /SL5="$301E4,372121,121344,C:\Users\Admin\AppData\Local\Temp\b8f476ee71f8d88a09d905af072da5d7.exe"
      2⤵
      • Executes dropped EXE
      PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-97G8K.tmp\b8f476ee71f8d88a09d905af072da5d7.tmp
    Filesize

    1.1MB

    MD5

    ae0931b62864077f4e8bf8ed1639d10a

    SHA1

    1c570fccbe6cb4abad985aa6ecee89c4d4768cae

    SHA256

    65a895c60e0d8044c4bf0f3ddce94633bb400fc34046f1f8e0f2ca18d1847789

    SHA512

    af7941f94115e3a6211192701c517327b6899b142c7aa67dba8885ea241b332088d0fe5131e3c36139bb12e08dd5493af0ff87ceb97d0c54a43ebcb0f53a14a0

    Download Submit

  • memory/860-6-0x0000000000740000-0x0000000000741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/860-9-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/860-12-0x0000000000740000-0x0000000000741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3452-1-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3452-8-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download