Overview

overview

7

Static

static

3

c4579c593a...b9.exe

windows7-x64

7

c4579c593a...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4579c593a748d818d0ff4f297f59cb9.exe

  • Size

    92KB

  • MD5

    c4579c593a748d818d0ff4f297f59cb9

  • SHA1

    4f885419c5d6807392ff50ee1b2de22b11bf5ee4

  • SHA256

    62b05494b801a46f3178e5913388c25fac71ef470171f3d0ff76a6a50c5a2d9b

  • SHA512

    2080c4b8ff04104f2897a047be3c5682d5d9b9468f2097d7c1b3700a28114e6bf5835a9abf6c958b04d1d6b1cc15ffebcee187d69eb9444ff3f3691123b85ab8

  • SSDEEP

    1536:7HGbkSd4+yhT2SjZFpPzyOfms2NTd9+cc/NsMBY1ay0CuEZdjsa:7H5k4X0Ofms2p+cqNsYS50AZRx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
    "C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
      C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c4579c593a748d818d0ff4f297f59cb9.exe
    Filesize

    92KB

    MD5

    a3d57eba12d4b4d21bf8689b94e4e701

    SHA1

    2bf2025c5f32eae7c1387b8fa3af062a32075d77

    SHA256

    b15f832f555f2546f2b9f59c5e726b87fce0753757b00544f2042ef15a9fceb9

    SHA512

    af8ab9d988fa79611ef84af0b9babaa5e37cbd3963ddff4905e30d5996b6bfda2f9a21db060232480568d824ea3d4d7169bb6c160b0354f2e046a4a41efad52a

    Download Submit

  • memory/1964-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1964-17-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1964-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1964-24-0x0000000004DA0000-0x0000000004DBB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4852-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4852-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4852-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4852-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download