Overview

overview

7

Static

static

3

c4b3d27665...83.exe

windows7-x64

7

c4b3d27665...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 02:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c4b3d27665a922f7828b8ce421599083.exe

  • Size

    771KB

  • MD5

    c4b3d27665a922f7828b8ce421599083

  • SHA1

    2a7ee0e44ca360a1c7bba0218016135eeb6fca6f

  • SHA256

    6c95faf356a9e447c85076dd692b80a1833cf767f4be3b2828beef8dde7cbb63

  • SHA512

    fe596ee15ec84282d93558d5947d1091093f45e76b2d392f3e9bf04225a8e24232ddb2f5a53c626638f09225dce58ee4566984a0893a5f9c16e79225711e33c9

  • SSDEEP

    24576:ulTARh3JVw3Y4Dgb10hJaothZ2/T6FBBB:uAw3Y4W/ofT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4b3d27665a922f7828b8ce421599083.exe
    "C:\Users\Admin\AppData\Local\Temp\c4b3d27665a922f7828b8ce421599083.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Users\Admin\AppData\Local\Temp\c4b3d27665a922f7828b8ce421599083.exe
      C:\Users\Admin\AppData\Local\Temp\c4b3d27665a922f7828b8ce421599083.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4944

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\c4b3d27665a922f7828b8ce421599083.exe
          Filesize

          771KB

          MD5

          63c7e9cae8702a4005af908c4f80c427

          SHA1

          ac70300b0736a9fc3c929d6bf097e7adb319b469

          SHA256

          3c92f28e6febbfeb62de73b559958bcb1183225421c416d176f1dea04e011669

          SHA512

          3176199146159786ceac0eee5f3c16712710e90d703281d5f75d3cd1e07a6ebe02f5765bfc26fcbcaaeda821abd179530b2d1fa4abfadc9581d6e2c7fe203719

          Download Submit

        • memory/2616-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2616-1-0x0000000000150000-0x00000000001B6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2616-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2616-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4944-16-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4944-13-0x00000000015F0000-0x0000000001656000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4944-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4944-20-0x0000000004EB0000-0x0000000004F0F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4944-32-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4944-37-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4944-38-0x000000000B620000-0x000000000B65C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4944-39-0x000000000B620000-0x000000000B65C000-memory.dmp

          Filesize

          240KB

          Download