Overview

overview

7

Static

static

3

cdd120e7e0...ee.exe

windows7-x64

7

cdd120e7e0...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2024 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdd120e7e0923ec14becea98138db5ee.exe

  • Size

    771KB

  • MD5

    cdd120e7e0923ec14becea98138db5ee

  • SHA1

    052d92ccf1a513d7c2070943f0295b815559f6dc

  • SHA256

    321cefe755c25472d4f5bdc608bd1626eeea7a702d54fce8b54bac4b2e7a9d1a

  • SHA512

    f07836e49b618c06a939ee0d54a0d4583dbda5bc791f15d1fc7893f409a158413beba9c80fa390df31b0e2a7e2d72d1eee99a9585af1d2bd53bfb69528baba16

  • SSDEEP

    24576:7HGcVvNQrZl72HA0b10hJaothZ2/T6FBBB:7HrRNQr772d/ofT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdd120e7e0923ec14becea98138db5ee.exe
    "C:\Users\Admin\AppData\Local\Temp\cdd120e7e0923ec14becea98138db5ee.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4492
    • C:\Users\Admin\AppData\Local\Temp\cdd120e7e0923ec14becea98138db5ee.exe
      C:\Users\Admin\AppData\Local\Temp\cdd120e7e0923ec14becea98138db5ee.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cdd120e7e0923ec14becea98138db5ee.exe
    Filesize

    771KB

    MD5

    3e74a6d7c32057580a9f0ceeeba4c01c

    SHA1

    619dd898474b65581e0294fd10c7f7454700b49b

    SHA256

    3af2440f2101be6acc6890926cb5ecbf2edbc4636fa29e3e6980743f8657f306

    SHA512

    091ae9fcc3aecf900dc56047027647aa083541dbe628d65ed9ec9260192ca129aacc77269dac12389cd7589ad80176aab981d11f0f63c11e91f6ccf69babf807

    Download Submit

  • memory/2580-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2580-16-0x0000000001540000-0x00000000015A6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2580-20-0x0000000004EB0000-0x0000000004F0F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2580-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2580-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2580-32-0x000000000B600000-0x000000000B63C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2580-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4492-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4492-1-0x0000000000140000-0x00000000001A6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4492-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4492-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download