Overview

overview

7

Static

static

3

c249834628...3e.exe

windows7-x64

7

c249834628...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    162s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-03-2024 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2498346288f39b3b291c217d8e12c3e.exe

  • Size

    1.9MB

  • MD5

    c2498346288f39b3b291c217d8e12c3e

  • SHA1

    f3b0b9bd15ce5d6564ee7f57be6c4733cd45257d

  • SHA256

    9e4ed3f94697b51de10e7c0117d391b447244cbf972db307172a7916578b12d3

  • SHA512

    857b39e4055eaf897cf64ad5c7e99b4fc207f900f26fc9a8d90351270e68f9107f26efc24409bee8a62168dccd2aa0d7d089057b44eca2015729afe443cb47a0

  • SSDEEP

    49152:Qoa1taC070dPLDTuNa+YZBgeHUciZT73gECQaRn:Qoa1taC0WT8LcJHloT8tvn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2498346288f39b3b291c217d8e12c3e.exe
    "C:\Users\Admin\AppData\Local\Temp\c2498346288f39b3b291c217d8e12c3e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Users\Admin\AppData\Local\Temp\A950.tmp
      "C:\Users\Admin\AppData\Local\Temp\A950.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c2498346288f39b3b291c217d8e12c3e.exe AAF43E968F8B780C83ED62E665F543B326239884599F55A76428238EE5B520CCB2C3F710518951DA12A5BF7398A7F2E7C3C9E88CB17E2533927FD5B68681920F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A950.tmp
    Filesize

    1.9MB

    MD5

    fa19efee6b69a0da62477bf996013861

    SHA1

    e7e62cf5ddc35f21a267f1ef315330a1d37f5b19

    SHA256

    fa896d2289123eb245748a5d312fa74d4d1d02812cdbb3bfae9356d43bee7495

    SHA512

    da14eecbe83771ba174329fbafd1e62f169e97c4174e1789944ce9736aa5eef2abd61997808c10e17f79c15972b033873c1ab0c4298fe73e66ffb65f021df517

    Download Submit

  • memory/2344-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4188-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download