Overview

overview

7

Static

static

3

c7c9ee0ad0...dc.exe

windows7-x64

7

c7c9ee0ad0...dc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 05:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c7c9ee0ad0470e0a94bd929f0e32f2dc.exe

  • Size

    385KB

  • MD5

    c7c9ee0ad0470e0a94bd929f0e32f2dc

  • SHA1

    5c8b768883ddc9b1b829f30ed5afd5864ff6eaac

  • SHA256

    7101581c7bc65cdbc75ec6a5ef422c8855a276c99baacd57707bfa776779cfd0

  • SHA512

    dd8cc3dc17c68eaaeb9fb7756a8240cd84bad070e663e999022185c77804ce82e0e3a72135fc642c3d81dbde6c140bc58c88f724de698a01d4767ba94fddffbc

  • SSDEEP

    12288:8hZj/SkJxuO1uQ6dL+GAgji+zqWlMH+GyaLW01KB:63xujQ6Fu9MuH+GyKNkB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7c9ee0ad0470e0a94bd929f0e32f2dc.exe
    "C:\Users\Admin\AppData\Local\Temp\c7c9ee0ad0470e0a94bd929f0e32f2dc.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Users\Admin\AppData\Local\Temp\c7c9ee0ad0470e0a94bd929f0e32f2dc.exe
      C:\Users\Admin\AppData\Local\Temp\c7c9ee0ad0470e0a94bd929f0e32f2dc.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1692

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\c7c9ee0ad0470e0a94bd929f0e32f2dc.exe
          Filesize

          385KB

          MD5

          c36b747b692ddf23df73e253f148a89f

          SHA1

          479125b3962f5b8f0130363e829383b28fefa209

          SHA256

          aae0ea63ee3818b19a685c6e09eac06fc13d4133e9bf52d4f42f67aeb4095485

          SHA512

          5dc2dad315373896ca9c544e8b49f6b8b5ec2464b0fcc2455c16b47d92060af9efd0b5d7515fe61b2542d0e0ebd2d0f08865d047c8fb55b0a46f155e52962894

          Download Submit

        • memory/1132-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1132-1-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1132-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1132-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1692-14-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1692-16-0x0000000001600000-0x0000000001666000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1692-20-0x0000000004F30000-0x0000000004F8F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1692-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1692-30-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1692-33-0x000000000B600000-0x000000000B63C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1692-36-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download