Overview

overview

7

Static

static

3

d4d04cef00...0c.exe

windows7-x64

7

d4d04cef00...0c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4d04cef00cf77dc81a99eb05d96390c.exe

  • Size

    82KB

  • MD5

    d4d04cef00cf77dc81a99eb05d96390c

  • SHA1

    9590eed6036e59f1d06e81874900dbf6306aad30

  • SHA256

    326c73ecf9f8ed48acc8de39ab6f9ed9b2e5bc38712f610345bb72c2cde77ff2

  • SHA512

    a33c8a16f16693ef759d39c1cd4cd87e760d39c9a376b1c626213665a1ba9dc208f1c920753e2f14b2d31d630d516475e94b38a58abc934d492f81502c608b2c

  • SSDEEP

    1536:/Ee71O1WGBxOYLEgr023j7NmGe7fSJpo9/fQA1AJzCYrwbdMTE/R7FE:sFZrl7NlmfyOfQA1cxcBMTwxFE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4d04cef00cf77dc81a99eb05d96390c.exe
    "C:\Users\Admin\AppData\Local\Temp\d4d04cef00cf77dc81a99eb05d96390c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Users\Admin\AppData\Local\Temp\d4d04cef00cf77dc81a99eb05d96390c.exe
      C:\Users\Admin\AppData\Local\Temp\d4d04cef00cf77dc81a99eb05d96390c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d4d04cef00cf77dc81a99eb05d96390c.exe
    Filesize

    82KB

    MD5

    91fe23dd531d808cfbfbb603d116fc06

    SHA1

    4da0ddc3359a929acc9a31d9c7f67294cc5dcc01

    SHA256

    126c5ac129dbf8346134257734a6133780df247fd01bec15a7edba2ea44b9f85

    SHA512

    15f203f1cc612ef6ecba4b5dd91a06a7ad6e6eabf296c72b631a6a947474589bfcf6d4ad677ef97cedd9dd933374f1fdfd73a81237f5458e1131f80124af99b0

    Download Submit

  • memory/2132-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2132-15-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2132-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2132-25-0x00000000014E0000-0x00000000014FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2812-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2812-1-0x0000000001430000-0x000000000145F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2812-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2812-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download