Overview

overview

7

Static

static

3

cd16c60671...28.exe

windows7-x64

7

cd16c60671...28.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 04:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cd16c606715a2ca63b729d192c8e6b28.exe

  • Size

    82KB

  • MD5

    cd16c606715a2ca63b729d192c8e6b28

  • SHA1

    fbe2427b04aefc45366caf25401cf5d37cd5a409

  • SHA256

    adaf74c70a1da2fd33ee6e78ca5852b1eaf2761da0582d88aaa5b9214f586481

  • SHA512

    68609b0a3889141ab7605fd4f205bb2d5d289afcf581cf2b579ea2e06819ef4f90d25af7319ea92edf27f03a7c8dc57905cbb2c765fc2b15c33e0876b027736d

  • SSDEEP

    1536:BCVxYyJLZm3c9Fsua2HF+aQxfpIEeh7f7Ouc8BloY9DZr61eD8T4Bqk3ysl:EVlpZms9FvaUQaQxfKvf7pHXooujvkB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd16c606715a2ca63b729d192c8e6b28.exe
    "C:\Users\Admin\AppData\Local\Temp\cd16c606715a2ca63b729d192c8e6b28.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\cd16c606715a2ca63b729d192c8e6b28.exe
      C:\Users\Admin\AppData\Local\Temp\cd16c606715a2ca63b729d192c8e6b28.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1468

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\cd16c606715a2ca63b729d192c8e6b28.exe
          Filesize

          82KB

          MD5

          9f01618a75b9478cbb95a4c0e48ee6cd

          SHA1

          d646f347b34e30f7408b20139fad556ffbd8fe42

          SHA256

          cd8ae8efcb6b8154c96e63903d80c0e10a153de614506124ac13ef89b788bb91

          SHA512

          847f4a85d32ca6c71d021630dd37d76f2c4e9b928211a2014876d7fd75863ed7a1db81b312e3d38985519f0758fcc7979860df4801e813e27adf679bafc9bd0d

          Download Submit

        • memory/1468-17-0x00000000000D0000-0x00000000000FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1468-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1468-28-0x00000000001B0000-0x00000000001CB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3012-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3012-2-0x00000000001D0000-0x00000000001FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3012-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/3012-12-0x0000000000330000-0x000000000035F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/3012-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download