Overview

overview

7

Static

static

3

b498972c2c...03.exe

windows7-x64

7

b498972c2c...03.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03.exe

  • Size

    481KB

  • MD5

    3d8fde6d8c19cd43c3c9240b48d97ba0

  • SHA1

    f10c9032ef8596c6a09e423ab0829b5c0503532e

  • SHA256

    b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03

  • SHA512

    eb2ea11683babb55ebb0189673b5390f33e3da1ac1e71a178e538c32efae53c0534ea6ffac19e5506a5984496ad5cfd41c964d991ef96f43a467b1bdd27cdda4

  • SSDEEP

    12288:INdt8uN4lf+wxqkAhGKYvc8v9881Cv3yNuPSm4/MnEfJThTOVYUltc5gLE4k2Ewa:Em6x3yNuPgMnEfJThTOVYUlOmLE43Ewa

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03.exe
    "C:\Users\Admin\AppData\Local\Temp\b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03.exe
      C:\Users\Admin\AppData\Local\Temp\b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\b498972c2cdce81ef9cd6198f34a6f270277909681d9935a54421e05bb96de03.exe
    Filesize

    481KB

    MD5

    646403d43bfe3997b64cdd185038e005

    SHA1

    61136dcbb114a1041f721718373846e5fe5d2362

    SHA256

    2b9523b62fa47dc9f04d9124b734ddcf05a72ece44844c2359061b1486015833

    SHA512

    d1dca5be27740502089a293280c41b0c8622d4d207942b5f7d02eda936045c5fbd95f7adedb21e3adb5c516d9ef50578d4c1925e22068550576069030209fc63

    Download Submit

  • memory/2012-0-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2012-9-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2836-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2836-12-0x0000000002BE0000-0x0000000002C26000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2836-10-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download