Overview

overview

7

Static

static

1

c74b17a69b...eb.exe

windows7-x64

7

c74b17a69b...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 01:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c74b17a69bbe4cf33b28185dc3a840eb.exe

  • Size

    505KB

  • MD5

    c74b17a69bbe4cf33b28185dc3a840eb

  • SHA1

    9c5e9bd72c8635a10753bb620e566d592cabebe0

  • SHA256

    05c1f9dfc4b11ed3ba8245669dc103f0dfdfbab8e6fc7bd575bd4f63b17981b5

  • SHA512

    1aa3398db182520587d5731b2941227fac2801d2a7a739e11e21c3f9d1f78234f54fa0f5841104f6cf8ff4a29c3de00a607f97960fd8695871a4ebd7d602501f

  • SSDEEP

    12288:HSxG05888888888888W88888888888/4khP50GG7/uuzggp6NMWfpRoNtqJPBf:yxGY70G6BzzwNMWPPV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c74b17a69bbe4cf33b28185dc3a840eb.exe
    "C:\Users\Admin\AppData\Local\Temp\c74b17a69bbe4cf33b28185dc3a840eb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\is-1O4MR.tmp\c74b17a69bbe4cf33b28185dc3a840eb.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1O4MR.tmp\c74b17a69bbe4cf33b28185dc3a840eb.tmp" /SL5="$C0066,127487,119296,C:\Users\Admin\AppData\Local\Temp\c74b17a69bbe4cf33b28185dc3a840eb.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2860

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-1O4MR.tmp\c74b17a69bbe4cf33b28185dc3a840eb.tmp
          Filesize

          1.1MB

          MD5

          4de6f44810bad050ac81f45549d58f34

          SHA1

          e001b982a0a978deed96789f943bf295dd2ba1d8

          SHA256

          cf8a77f4cbd38f6ab44fcff738f81ec8dfdaa7ef5a64d62fdd84c6fe897adff5

          SHA512

          550e468c3d6660ce2030fca16549eace9153610e19621cba83fea691f8d0091edb596a869168cf4b7f80fa55a808ca1703e4e2beffb3ade5af3fb67b6ead6673

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-IKAHK.tmp\idp.dll
          Filesize

          15KB

          MD5

          2ea92b11633afadba96648666b9df024

          SHA1

          25cae5012a8fe86c34e5918613be3fc4e7480fbd

          SHA256

          ad04e5eeec0ed157c4c6c5a1b919746e04d6270a15d8d6fb192bbc566d2fd3d7

          SHA512

          dd85de944271aa333d9eac175bd2167c5cb8771ece679af888a96e340dd5f1728ad3e3f9209546f5e17f22e91a9659e7168e12a7935ab4820e135a9f1f534471

          Download Submit

        • memory/2168-0-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2168-19-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2860-6-0x0000000002530000-0x0000000002531000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2860-18-0x0000000000400000-0x000000000052B000-memory.dmp

          Filesize

          1.2MB

          Download