Overview

overview

7

Static

static

3

a7c598cb14...e4.exe

windows7-x64

7

a7c598cb14...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2024 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4.exe

  • Size

    272KB

  • MD5

    eb46f93b4613cc7a2c138652692c2bba

  • SHA1

    7429f3c171174f190a5d1388c67a3165c3c93506

  • SHA256

    a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4

  • SHA512

    d474d36409daab13249cfef271b413e9f2f09a4a7d17b88744f6e7f5c93cf5c8b079ac40a02d0f86aeb1ec9231c70befea5f42f27d628346a59a3fe4c54ea70b

  • SSDEEP

    6144:a7ElpsZlbFUtUbqOMD2BaOftaL7P/hFRyMB3Aq5vJG9V40sb:IepsZlbFUtUbqOMD2ZaLb/hHJ3L5vE94

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4.exe
    "C:\Users\Admin\AppData\Local\Temp\a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4.exe
      C:\Users\Admin\AppData\Local\Temp\a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\a7c598cb14c60d0ef9230c12548bfdc76b401808b4fd9412ab5cde1f5c8ee5e4.exe
    Filesize

    272KB

    MD5

    85724b5c16bfcb2a7162769f2de305de

    SHA1

    51bef33bcaa4f4ee55b4cf56cfccb067c525690f

    SHA256

    9f753802045b5d12c831354e8183c80aa0e2a3dc519d80eeee33e5d3b4bc9372

    SHA512

    91b3acbed3902db15600cf6306f368bccad6701b413332b6f3a210a41b303d712dc9b36f1d5b82fdc569151e41dab02834177e73bd59b5fb4c310b2713a0ed3d

    Download Submit

  • memory/2324-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2324-6-0x0000000000330000-0x0000000000370000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2324-9-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2600-11-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2600-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2600-16-0x0000000000220000-0x0000000000260000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2600-18-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download