Overview

overview

7

Static

static

3

c6e56b3b26...14.exe

windows7-x64

7

c6e56b3b26...14.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 21:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c6e56b3b267f4e2fce233b2dfb660f14.exe

  • Size

    82KB

  • MD5

    c6e56b3b267f4e2fce233b2dfb660f14

  • SHA1

    2fe79c21290272ec3d96f76b25a4bed42d64b997

  • SHA256

    80583dbeb8ea554763e610d7c651d8f80825eb45eb5a7c0a29a3ebc9c27dbefa

  • SHA512

    ee86a0e9b5346df10e402611970d34951919dd23d59519928b3f9bb00d6d014398c0fabcc463db855a01ddc22a842548c89096854e2ef2a3d62de6291c3b1fce

  • SSDEEP

    1536:ozfkxCElQ2OgxD7shwKbZmhzr6QuY5nP9R0Jb:oRwQ2OwxqsCQlxD0Jb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6e56b3b267f4e2fce233b2dfb660f14.exe
    "C:\Users\Admin\AppData\Local\Temp\c6e56b3b267f4e2fce233b2dfb660f14.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\c6e56b3b267f4e2fce233b2dfb660f14.exe
      C:\Users\Admin\AppData\Local\Temp\c6e56b3b267f4e2fce233b2dfb660f14.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2264

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\c6e56b3b267f4e2fce233b2dfb660f14.exe
          Filesize

          82KB

          MD5

          4a69f3772d105ddeafac5b480825ce1c

          SHA1

          0f1fd09b8719a4f7c68425574b04c5c697721dae

          SHA256

          eadb65763888bfc12017a74ead900afe0de3462e71c18bc8eaac9e21f61e0646

          SHA512

          b4e4955bd6d5f2657d593debdead2018bcf405c33351256d7e57b5f66d5d2b373bd9e1e024e58669fffd7ebf67cd45578ad0fe5e2903fbeb2497fe837e3127f7

          Download Submit

        • memory/1704-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1704-1-0x0000000000140000-0x000000000016F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1704-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1704-15-0x0000000000210000-0x000000000023F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1704-14-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2264-17-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2264-19-0x0000000000170000-0x000000000019F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2264-24-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2264-28-0x0000000000320000-0x000000000033B000-memory.dmp

          Filesize

          108KB

          Download