Overview

overview

7

Static

static

3

d6cb7b3657...12.exe

windows7-x64

7

d6cb7b3657...12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 18:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6cb7b365743ea24ece23560430bcb12.exe

  • Size

    82KB

  • MD5

    d6cb7b365743ea24ece23560430bcb12

  • SHA1

    3457acebf233225f5a84a1dfc6070270b6ca5ff1

  • SHA256

    9398a31a263ab7b0ea07d48e85f07a3cef97b12bc7c8e3bcfecb6b138635df91

  • SHA512

    1d404c750a38dc4bcc4dfd18e394edf25ee74dd7c790e0e07a189f2294d9091e55bb5c38e0e2ee2d0ef1b23a7626a45aef8fc529211e580d82cdd21bfb1360a9

  • SSDEEP

    1536:bcjs3ctD+RrMOzVOpsIPdfrzcfwCbXFYc4RcjwsH2dmMa9:psh+RBUuI5cHWfUwNY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6cb7b365743ea24ece23560430bcb12.exe
    "C:\Users\Admin\AppData\Local\Temp\d6cb7b365743ea24ece23560430bcb12.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Users\Admin\AppData\Local\Temp\d6cb7b365743ea24ece23560430bcb12.exe
      C:\Users\Admin\AppData\Local\Temp\d6cb7b365743ea24ece23560430bcb12.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\d6cb7b365743ea24ece23560430bcb12.exe
    Filesize

    82KB

    MD5

    27bad8e5e267d8c5ff71f0af920f3418

    SHA1

    994eebfbec8dcf705b22c86bb18765d7eb24a3fe

    SHA256

    dbb8de5af34885b7da784663fdee82df2c15a3f49122ec93595683aa78a02460

    SHA512

    f276e9355f8df5ebc0948867a156c23d74580c3d405f87873cf6499a31d1759c901f5b36f467a6864c8c0fc8f9fae12e238dbee9359d93cde4760ea4e4772dbd

    Download Submit

  • memory/1152-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1152-2-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1152-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1152-11-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1152-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2236-23-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2236-22-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2236-24-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download