Overview

overview

3

Static

static

3

c8047b89a6...91.exe

windows7-x64

1

c8047b89a6...91.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 07:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c8047b89a61015f0f54c963db0bbf891.exe

  • Size

    2.8MB

  • MD5

    c8047b89a61015f0f54c963db0bbf891

  • SHA1

    fa7d4154bedbf1d058fcce9c1fda08ca92858a69

  • SHA256

    32f6079d93754057fd996933334a6c73df5e012d903ac1d03db53552f84c8cd0

  • SHA512

    7da302371e76db59cfcbaf96131813d10854a81963af990c0f8f7b0ae4cf3824ef6f5eac1122c89b71262ad34a3a524f11b6a4842ea4423aca2102f8abbdaf21

  • SSDEEP

    49152:ylY613IT/8iwSOqSVRgHb9AX+QTJ9eFO3W7fDlaSvbNBom4x:ylDqcRgHhTk9jOlaSvhy/x

Score
1/10

Malware Config

Signatures

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8047b89a61015f0f54c963db0bbf891.exe
    "C:\Users\Admin\AppData\Local\Temp\c8047b89a61015f0f54c963db0bbf891.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\SysWOW64\Net.exe
      Net Stop PcaSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 Stop PcaSvc
        3⤵
          PID:2216

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1928-2-0x0000000000400000-0x00000000004A5000-memory.dmp

            Filesize

            660KB

            Download