Overview

overview

7

Static

static

3

c535adc197...64.exe

windows7-x64

7

c535adc197...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c535adc197507431213cad54fe60fa64.exe

  • Size

    82KB

  • MD5

    c535adc197507431213cad54fe60fa64

  • SHA1

    b8bb39a62e924ad95a0c04df42d9c49580409a83

  • SHA256

    d19fe1c918f093d4fcbd04d364ba1f5f73e8d659940e08c6c9825650513ca9b9

  • SHA512

    912d547fbd914a1935f32716fb8755cc37a98c126c571cadfaf29081f231be0c31fc0f542c586e71c561dfbe1afb9985b9f238c7141cbbb6f7d5623b83cd7090

  • SSDEEP

    1536:oThbuRkKAmJV8AqQ73x2uwNJd77Mnv2YOTWIzPt/MBle0myEI0NEoGHMcLHv:oThbskKAOV8AqQpwNJd77Mnv2tElVPE6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c535adc197507431213cad54fe60fa64.exe
    "C:\Users\Admin\AppData\Local\Temp\c535adc197507431213cad54fe60fa64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\c535adc197507431213cad54fe60fa64.exe
      C:\Users\Admin\AppData\Local\Temp\c535adc197507431213cad54fe60fa64.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\c535adc197507431213cad54fe60fa64.exe
    Filesize

    82KB

    MD5

    5f5853e32ed407f5b7d20d11277baed9

    SHA1

    496eef218a64c25d010ccdf112573802dddd7c28

    SHA256

    c68270f140ab870b05ccefb9b7b00efc01e3cfa50504bb43e272a289ac2c3926

    SHA512

    863181397affa47795a8bcbef5f6561280f52a259a5e51c1e85cc2fe632f784da778383029a6b9f67ebfdb509cd449905473229afb25dab3062c34a0fdf17cdb

    Download Submit

  • memory/2112-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2112-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2112-1-0x00000000001E0000-0x000000000020F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2112-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2644-17-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2644-19-0x0000000000160000-0x000000000018F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2644-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2644-28-0x0000000000320000-0x000000000033B000-memory.dmp

    Filesize

    108KB

    Download