Overview

overview

7

Static

static

3

c641bd466b...b7.exe

windows7-x64

7

c641bd466b...b7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    163s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 15:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c641bd466bd10694388f756cae5dc2b7.exe

  • Size

    1.9MB

  • MD5

    c641bd466bd10694388f756cae5dc2b7

  • SHA1

    181542c344b070301d72eac2d7d38e778d1d8dec

  • SHA256

    9bbd3eaaee2caf6d335393f4f631d60b9de9a57b5ef6abe6911f1ebaaf6bc361

  • SHA512

    812bb9e245f338ab30ccecd778234dc37fc268aac3ee7429c5c89da3276f39f69fb1190fcb620e96d880647a1287e42edf7e266321564506ead0a5613174ca95

  • SSDEEP

    49152:Qoa1taC070drtJKU5p4181zA2N0Bp7Womw:Qoa1taC0Atpt5N0f7J

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c641bd466bd10694388f756cae5dc2b7.exe
    "C:\Users\Admin\AppData\Local\Temp\c641bd466bd10694388f756cae5dc2b7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\FFB8.tmp
      "C:\Users\Admin\AppData\Local\Temp\FFB8.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c641bd466bd10694388f756cae5dc2b7.exe 23047BD448B862DBDAFFFEB11D07F813386B727A9CB430FFFB99C0ABF55BA8BA7F3B77096129F2EE15A4FE82763EEE47262150AEBADEBD75BCFFF8193AF3B66D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4344
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5072 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3952

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\FFB8.tmp
            Filesize

            1.9MB

            MD5

            a952d162a868a729a618925447cf2a40

            SHA1

            24f387967bb3599c04f7cebd8f835fd7eea8f2f5

            SHA256

            9155ba4a259ce0b0ef951e1662bf8676a78c418891cefdb9c39826daf020f006

            SHA512

            1dee38e03befc42dfba015421a382c0a99c8dfdaeeb2b059ee99bdc43abc6ea326c08761026d4cd965cfe40f21ab9d3c2db3d9844c0d8856137e2a25f2ddbc33

            Download Submit

          • memory/2020-0-0x0000000000400000-0x00000000005E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/4344-5-0x0000000000400000-0x00000000005E6000-memory.dmp

            Filesize

            1.9MB

            Download