Overview

overview

7

Static

static

3

ba655e37c6...bd.exe

windows7-x64

7

ba655e37c6...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-03-2024 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba655e37c66c2114a3ef4fbda7cbb3bd.exe

  • Size

    3.5MB

  • MD5

    ba655e37c66c2114a3ef4fbda7cbb3bd

  • SHA1

    335a01e810066a1462356ed1922851b5b37d23bd

  • SHA256

    312afb2c3b152d7279e7ff0d7b405d0acce81a6cb62548c47a9550227edd852c

  • SHA512

    a0676a0bce49ac34e3b1483c77e0d8bd8406ae25f725aef5db3674f37e8694b6fccc8198e36e8c3a0bddf3d5224f6708ab67ab1e98b3ff8fcd3c546ed0ad2b56

  • SSDEEP

    49152:IT5gfniXtXIMfX2wGBDDQ/XSHdX4MPXGg:i1XtWHd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba655e37c66c2114a3ef4fbda7cbb3bd.exe
    "C:\Users\Admin\AppData\Local\Temp\ba655e37c66c2114a3ef4fbda7cbb3bd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Users\Admin\AppData\Local\Temp\ba655e37c66c2114a3ef4fbda7cbb3bd.exe
      C:\Users\Admin\AppData\Local\Temp\ba655e37c66c2114a3ef4fbda7cbb3bd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 144
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ba655e37c66c2114a3ef4fbda7cbb3bd.exe
    Filesize

    3.5MB

    MD5

    f14504276a1eddb8919085fe0b1f66e3

    SHA1

    d09ae55a7b19cb5237508d7ab88d5d2ef63c1215

    SHA256

    1fad4ccf07009ece70d484701e326e885850b1f87442fc742cf099ba202a10fc

    SHA512

    8b9c1b522459630e9469fa5e69f33f54d1cf3dff60bd9bde1c1ef95e72fc29f7deaa4bd20a56a17a5cc1e16c83a37c354f4d8a5541ddfc42d771ceb3064a1888

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ba655e37c66c2114a3ef4fbda7cbb3bd.exe
    Filesize

    320KB

    MD5

    275738b2197fd597a7526cf251af2cf7

    SHA1

    7363cf8396e514ee0e307fba508e445eedd49726

    SHA256

    83d0245d902670b7de1ee872b63641122e6541523c7c7db8ba671bc818d1492f

    SHA512

    97e60ef080fe190cd5a4e2e0f79c8727d1f2f6cfcdc2e146fea2b9e04d3b07b40d57c98926209aa464dc3cabfe012c30e9ea16a0be9217c32685d4528d28bcdd

    Download Submit

  • memory/1752-0-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/1752-8-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/1752-6-0x0000000002C80000-0x0000000002D65000-memory.dmp

    Filesize

    916KB

    Download

  • memory/2928-10-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/2928-11-0x0000000002E80000-0x0000000002F65000-memory.dmp

    Filesize

    916KB

    Download