Overview

overview

7

Static

static

3

cca95ca82b...35.exe

windows7-x64

7

cca95ca82b...35.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 00:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cca95ca82b8306dafe2bd2dba7607135.exe

  • Size

    385KB

  • MD5

    cca95ca82b8306dafe2bd2dba7607135

  • SHA1

    00fc1a0293be7ccdf17e12e21cb7c2ce1ba92be7

  • SHA256

    0809e9b6d5808848962e45f046d1c8629cb295a2ecab9f32d96e0795233865f7

  • SHA512

    0f65243729b4204209b3abdb4b2af65f893c8a3b7152ace2ca47c0ecad81d863100ac9e447a6d394db184700e01011b59675e65bb424d883852db89babee976d

  • SSDEEP

    12288:hOVq86ajvcVZfEjL8L6mTsKnquPwp4yvB:hCBrCfuL8mUlnquPW4yvB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cca95ca82b8306dafe2bd2dba7607135.exe
    "C:\Users\Admin\AppData\Local\Temp\cca95ca82b8306dafe2bd2dba7607135.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Users\Admin\AppData\Local\Temp\cca95ca82b8306dafe2bd2dba7607135.exe
      C:\Users\Admin\AppData\Local\Temp\cca95ca82b8306dafe2bd2dba7607135.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4296

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\cca95ca82b8306dafe2bd2dba7607135.exe
          Filesize

          385KB

          MD5

          acdbf317b16f8651f9d8e69c03c5c532

          SHA1

          7d871d0c2056909e7555bd5dbc19841449bcdc29

          SHA256

          dd21db1c20fa6902be6a6812cc65c38a5d2edf17ca5ab15cbabacb01d745ad0a

          SHA512

          3412b87fe00e631436741ddc609107406ce1de7fed9aa8bf4f98b92d2e763c82ec983eaa2c9f58f0f96487fbda6c01e54df9673ec1c2fe409979af4ab8c8e4bd

          Download Submit

        • memory/3348-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3348-1-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3348-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3348-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4296-14-0x00000000014D0000-0x0000000001536000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4296-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4296-20-0x0000000004E70000-0x0000000004ECF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/4296-21-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4296-32-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4296-37-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4296-38-0x000000000C610000-0x000000000C64C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4296-39-0x000000000C610000-0x000000000C64C000-memory.dmp

          Filesize

          240KB

          Download