Overview

overview

7

Static

static

3

c9592fc9c9...91.exe

windows7-x64

7

c9592fc9c9...91.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c9592fc9c960e15d9d987de70d47c091.exe

  • Size

    1.9MB

  • MD5

    c9592fc9c960e15d9d987de70d47c091

  • SHA1

    9b870f61dd6388b9d0407cfca60e29fceac11d29

  • SHA256

    f2418525aee8c0c33ebf6f0f4836f0a0841880a95ddd49f094ff5ca102614ec3

  • SHA512

    f01a6a38a8fc1a2b6955c4111f2a15529389759751f33f57bce21f8dcb2bd1313e74cd94acb4507d11ed2a469ce84b5b8aca4aed75cdc14ab6d9b396aba3cac2

  • SSDEEP

    49152:Qoa1taC070dDZ7QmcRhnke/MPjNjCaqxXkiOQmLLYUrMr:Qoa1taC0ilBMnkeEPEaqxJLqLHO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9592fc9c960e15d9d987de70d47c091.exe
    "C:\Users\Admin\AppData\Local\Temp\c9592fc9c960e15d9d987de70d47c091.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\B960.tmp
      "C:\Users\Admin\AppData\Local\Temp\B960.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c9592fc9c960e15d9d987de70d47c091.exe 5C0EACA7BA7AF5399F7A481282CB1552F9AB5E86491B1946E4A3460E6C8BE9E9DF7B3A932E2883DF1722A4BD35825F4A4A4BBF76BC01ADBB02D4BDC0B3E4E328
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\B960.tmp
    Filesize

    1.9MB

    MD5

    4ba57fc3cb078c16501e8a3d972e689c

    SHA1

    a866369588d29f3fc11720ef2223f0470975b41c

    SHA256

    fc8726015667e3debc0be96f38b8eed3b28faf738ce4ba6ae975d976ea725a95

    SHA512

    33c4dde45e60e1ea36e9ed4b331b81369bcbec5bbcc683ccdfd42720242242d0d045c5694b57d057204788c4938156bc513a012be4266c7979c44e0e9066a430

    Download Submit

  • memory/2380-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2656-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download