Overview

overview

7

Static

static

3

c3029b33f5...dd.exe

windows7-x64

7

c3029b33f5...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 09:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c3029b33f54924b5ec5e0c0f357d64dd.exe

  • Size

    1.9MB

  • MD5

    c3029b33f54924b5ec5e0c0f357d64dd

  • SHA1

    f5ab77ff707bafaa33f8ab84c5ae78afc47f543c

  • SHA256

    43738373f9f674d5ace57b1bf1e67b113ea398e5a05e0bef164ea6b1f56f3216

  • SHA512

    c00556da6b4d7feed5172528ddc1085916bac91e4d8cfc169a2bb32726561d72d38c31d02bc6b7cb14f8ff813d1aa5962c0ecb6ff4ae361b00cf33b620302b75

  • SSDEEP

    49152:Qoa1taC070dgw6dFcFEIDKM6xT6s2h7jHkdi:Qoa1taC046sSlxTI7jHkdi

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3029b33f54924b5ec5e0c0f357d64dd.exe
    "C:\Users\Admin\AppData\Local\Temp\c3029b33f54924b5ec5e0c0f357d64dd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Users\Admin\AppData\Local\Temp\4585.tmp
      "C:\Users\Admin\AppData\Local\Temp\4585.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c3029b33f54924b5ec5e0c0f357d64dd.exe 7771F108051BA12BD337D2AA6EC0FF3F7097AFDB1DC2E2538ECF0E90FECA82C8316F5823C2C59B710185A4D0220189A61C9635B78C7C6DCAF811EEA4683A7F23
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1416

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4585.tmp
          Filesize

          278KB

          MD5

          12914890259688104b1723d489db8bb6

          SHA1

          61e87995973ccedfdf5a3f824600d0d8979564f6

          SHA256

          da0ae82aaac3ef503bd19ce9693bbbb2c6b44117819d28cf5606f8a9ee52afad

          SHA512

          7c222e16629f32bbce42216d8c32b10b32d413fcb630b4e6f917e64cdf34ca3177d4f5d90508bdf919f9c247b70f1d7da4868948cd69412d3de4230dd1aff917

          Download Submit

        • memory/1416-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1644-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download