Overview

overview

7

Static

static

3

c4579c593a...b9.exe

windows7-x64

7

c4579c593a...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4579c593a748d818d0ff4f297f59cb9.exe

  • Size

    92KB

  • MD5

    c4579c593a748d818d0ff4f297f59cb9

  • SHA1

    4f885419c5d6807392ff50ee1b2de22b11bf5ee4

  • SHA256

    62b05494b801a46f3178e5913388c25fac71ef470171f3d0ff76a6a50c5a2d9b

  • SHA512

    2080c4b8ff04104f2897a047be3c5682d5d9b9468f2097d7c1b3700a28114e6bf5835a9abf6c958b04d1d6b1cc15ffebcee187d69eb9444ff3f3691123b85ab8

  • SSDEEP

    1536:7HGbkSd4+yhT2SjZFpPzyOfms2NTd9+cc/NsMBY1ay0CuEZdjsa:7H5k4X0Ofms2p+cqNsYS50AZRx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
    "C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
      C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
    Filesize

    92KB

    MD5

    794b22d48c3245b19721cfd3fe995204

    SHA1

    cbbcb4c2271ca63ca5a9779640ac5a41bcbd8b1b

    SHA256

    fa9de58b7b844171a8752229a31e87c35397d0e3af469422f69ea633a53d797f

    SHA512

    12e699a2117312a5ed1b30b4ae2a7abb4f991ee393a2d0d056146edc4454100c01fa80bd50400301167abe741ec9b2d834f45e079ae11ea2a08def2943285e49

    Download Submit

  • memory/1196-17-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1196-20-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1196-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1196-25-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2972-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2972-4-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2972-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2972-16-0x0000000000190000-0x00000000001BF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2972-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download