Overview

overview

7

Static

static

3

d47def7ed7...6e.exe

windows7-x64

7

d47def7ed7...6e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2024, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e.exe

  • Size

    272KB

  • MD5

    efe65a6897286dae78aff9a3b12c3e36

  • SHA1

    8d345621b3cac363c7cd27a3e6f8df37a7bef170

  • SHA256

    d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e

  • SHA512

    33a755f2a00b99ed1d8e3705e4c344ddbf2d65556570842e2dd7d7910fb2be27ed6963efac03cb1f99536f7edb7ca11517772e88d12619398cc5596cdb9ead3f

  • SSDEEP

    6144:c8wmhbQUvetZQTkTqh+kZrBjIcE9yy6atBWOw:tFhbnEZQTkTqh+8ljbE97tA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e.exe
    "C:\Users\Admin\AppData\Local\Temp\d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e.exe
      C:\Users\Admin\AppData\Local\Temp\d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\d47def7ed7122bef5c7e400d8dc2bb39830a0d9b076b19d3c0313e2210962c6e.exe
    Filesize

    272KB

    MD5

    abadfed01895fd83255cf47ab41ae459

    SHA1

    d0e758d9154cff5e92968f7833b38e48e6d8c8c2

    SHA256

    95eb471c3cb1e43bf5b04a274f3063c2a55e0aaeb573d45dd28355e04cea2a64

    SHA512

    29047879dc57171590071aa854ffb7654bb87c9e07bc5d6e45c9940da0aa600a40912eec0df4af9b47fc68015ac095ee5796c3776bdc8846ee0d8fd2e0ff3da9

    Download Submit

  • memory/2164-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2164-8-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2900-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2900-10-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2900-16-0x0000000000130000-0x0000000000168000-memory.dmp

    Filesize

    224KB

    Download