Overview

overview

7

Static

static

3

cd632cbf86...cc.exe

windows7-x64

7

cd632cbf86...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 06:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cd632cbf8694e7b00ab6b804b1e3fecc.exe

  • Size

    106KB

  • MD5

    cd632cbf8694e7b00ab6b804b1e3fecc

  • SHA1

    1811e6bd71e6ed916ee35b053f15aad4c26594a6

  • SHA256

    e616b94be81a03448f07f326b9a5e5709ca6765a497f70ae9abc0bd0c1fa6e4c

  • SHA512

    42ef8755cdbfd44d5d1ced6010da7f9f55a35beab1d9a86b6d903ade227aa89bb18f32ee041c745cf1f877afb0e0bde69df6c70d68e4d39657ac95470b88a02c

  • SSDEEP

    1536:PoHPsTF8QWlJkSJVtqCvOmpR58V8rsKTqECtOBUFQX1n/WYG7V4Bb:tWVqiS8rsKmD+UFktG7V4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd632cbf8694e7b00ab6b804b1e3fecc.exe
    "C:\Users\Admin\AppData\Local\Temp\cd632cbf8694e7b00ab6b804b1e3fecc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fqp..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2148

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Fqp..bat
          Filesize

          210B

          MD5

          0f062ecd7b9d26e54ac41ca184fb2670

          SHA1

          61dec71318d74cb1d808bd25bf1553efa2ab3d2c

          SHA256

          29b00f986cbfed62039b81610b4e3547c41e8c3d7c1f61137b212147f269527a

          SHA512

          c93b9614e0336c59529f2a177cc1f66255da1ea8e7546b1da1d3005dc062ae15479cff83b09dabf6ed5fd8a5fbb0415d254864d81bd4342800effbf2545858ca

          Download Submit

        • memory/2684-0-0x0000000000220000-0x0000000000228000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2684-1-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2684-3-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download