Overview

overview

7

Static

static

3

c6eb7788a6...90.exe

windows7-x64

7

c6eb7788a6...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6eb7788a682907485bd590e01b6b090.exe

  • Size

    1.9MB

  • MD5

    c6eb7788a682907485bd590e01b6b090

  • SHA1

    7426ff51d4e070bf9e6faef631c35a562d5b95d9

  • SHA256

    0b51ed20bf5c4f24cf9843628e723ad46eb707e5bc2dbd17c07c99ab4fc852b9

  • SHA512

    43d003181500f98e699d901ce2198a803a357c69f6ac23ce7edb60247dd76382e37504e4ef96deeb9f047e15efead1789293c08c9b6ee382bcd1b526da43f4b2

  • SSDEEP

    49152:Qoa1taC070dnQYCL7gotKBv0RNI0d2QER0:Qoa1taC0c07gOKByIE1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6eb7788a682907485bd590e01b6b090.exe
    "C:\Users\Admin\AppData\Local\Temp\c6eb7788a682907485bd590e01b6b090.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\AppData\Local\Temp\35A6.tmp
      "C:\Users\Admin\AppData\Local\Temp\35A6.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c6eb7788a682907485bd590e01b6b090.exe 81ACDB95087F6381C121441F49FEDB9FF0001B07F97F0541552108574FC469F8B2355ED6AD3E3100EB3FDB2C1E2AD29239F5E58F091A4F527982DEBFF7268C90
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\35A6.tmp
    Filesize

    1.9MB

    MD5

    e368fd6535616be3fb01a074611e42db

    SHA1

    26584c97e3cd91e3a8b41766af4cea2bf3eb6c3f

    SHA256

    bf69dce9297feb05b7e1047be30f45e0ac09b253d20b5c6f19181cc1447b7bfd

    SHA512

    8b224f025667ac3182cc3ffbc66aa256144f1bfe6114dae6c800b939eed2024567cc9eb32195a0a47c6acb199bf772c519403e10ece824bb74fe1967858fafd7

    Download Submit

  • memory/1948-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5080-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download