Overview

overview

7

Static

static

3

151fb24453...e5.exe

windows7-x64

7

151fb24453...e5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5.exe

  • Size

    213KB

  • MD5

    b8535175f4645087ddfcee6a2f1511e2

  • SHA1

    4fa36a51de866022dd7775034245bb8d1a58525c

  • SHA256

    151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5

  • SHA512

    04090989983b33554386132ead00cfad57bd510478028a9b0bb7e88c34c6168c9119a19ca4ec76d92467d89f169953535a5b6fa3cb866a4f664ea9578025b017

  • SSDEEP

    6144:pR2q79EhfmRX14LECI5pHpW2MbtH2gS7tDH0:pR579XRX10IbJW2itWlJDH0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5.exe
    "C:\Users\Admin\AppData\Local\Temp\151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Users\Admin\AppData\Local\Temp\151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5.exe
      C:\Users\Admin\AppData\Local\Temp\151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\151fb244539b75ab0cb421eb42176e03ea8757c51d81f769bf18d50308233ee5.exe
    Filesize

    213KB

    MD5

    93685e199bc076f05d51701bdd016891

    SHA1

    8817a984e59a0a5da7e7cb5bfaeb12b300cd95b5

    SHA256

    c302bdc4268bcb30f47738d87fcf7a95c02081d4932eba5f0391b31b7055c550

    SHA512

    906994d36ba329c521e0eed2e8a2ccaa196aed09a879ee1bddf65a94aa9abbd8a42003317c4fcb31d2a3ce4264fa7029d6b6d3cffd4203e0a10427e1c4379988

    Download Submit

  • memory/1584-0-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1584-8-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2872-10-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2872-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2872-12-0x0000000000320000-0x0000000000361000-memory.dmp

    Filesize

    260KB

    Download