Overview

overview

7

Static

static

3

c422181318...e2.exe

windows7-x64

7

c422181318...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    170s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c422181318394d0453378765d2f652e2.exe

  • Size

    82KB

  • MD5

    c422181318394d0453378765d2f652e2

  • SHA1

    558b0b619e6618d704177b3e784cce5deb28f554

  • SHA256

    6e9a1d32587cdee9fa61b1f7404f626c457b88cc1d670bbc8c6d4dd53747835b

  • SHA512

    c7cbd5263f78fc299fa9c9a3ebab172c61561334c3ef435e91a7894ce1f77bc977e4ae13fef0c7e9eac82833bb569438f3fe4ae009b1a52d8df9d7e81b82e8c8

  • SSDEEP

    1536:ESQoWVaqZ83r/lP2rxgLpgo6mZ4geBW987tjxm6twYotaDShpYfq:APV1Z83r/VLYmZ4g987RNnWhifq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
    "C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
      C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
    Filesize

    82KB

    MD5

    67df1431c94319381eee0050e7f507e7

    SHA1

    62cdad57b0d7dd96e2b82b1a328ba38f028060e5

    SHA256

    0688f9d3830a2eb4fbfd13bc6a481a29cd722c72f59226f6474fcd538ecb5f1c

    SHA512

    e32684655ca47a6da5f06b798a45b8e03487c46c4be6ee03143fe95aa8483a4b23e5a2054196994d43071bb3cf39a742ff8ef9f723098161a4b765ba7b9d9bf1

    Download Submit

  • memory/2896-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2896-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2896-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2896-12-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4188-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4188-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4188-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4188-24-0x00000000014E0000-0x00000000014FB000-memory.dmp

    Filesize

    108KB

    Download