Overview

overview

7

Static

static

3

bfe5a46b3d...6f.exe

windows7-x64

7

bfe5a46b3d...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 04:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfe5a46b3d6161aa72c2af5e42265d6f.exe

  • Size

    1.9MB

  • MD5

    bfe5a46b3d6161aa72c2af5e42265d6f

  • SHA1

    557d9615ba0ee0aeb23dc541ff81685236014c92

  • SHA256

    ab93f03235162bb57ba068d2aced59f0285557f48832f395c3974976e7859e40

  • SHA512

    99189744d03b16d00c4d7edb0d085ae290021760c29658d8e23ed7206b8a735f901107caf20b87d550d09c1f33248da18c0b1aecde5c80bb2d1a390777dc5298

  • SSDEEP

    49152:Qoa1taC070d4ShWdldmqdLlXxT+x+h/0DeH:Qoa1taC0MAzYqdJX6U/0a

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfe5a46b3d6161aa72c2af5e42265d6f.exe
    "C:\Users\Admin\AppData\Local\Temp\bfe5a46b3d6161aa72c2af5e42265d6f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\Users\Admin\AppData\Local\Temp\6DEC.tmp
      "C:\Users\Admin\AppData\Local\Temp\6DEC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\bfe5a46b3d6161aa72c2af5e42265d6f.exe 2E515D1B3444D7B0F48EA27786D388F63CB5FA298BA44F0DA2C847F13C9BAB4DE3FFB7E2EF0EEA96DE2EDB6F5F5BA7F83B12F7F50F4504DA73B5DC62F7131AE8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6DEC.tmp
    Filesize

    1.9MB

    MD5

    1e520e1059e22ac9cc03a6c714cebf9b

    SHA1

    840d5e30cc26c6e869c95fb3752ff8467cf16309

    SHA256

    706c32b9d20b568bcec5418723113bf2bc5c6ef8b753511cf476f674f0ad543f

    SHA512

    160290c125a78a6a71ec4c1319d18f7710162f42fd24d7fdbf423afdf3b1ac52823051ad79e18bd16f5dfcc3532ddaead68baddbc32421669a3bf596a403a273

    Download Submit

  • memory/1076-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1860-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download