Overview

overview

7

Static

static

3

de821d2514...2a.exe

windows7-x64

7

de821d2514...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 17:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    de821d2514c948fe04b2c6d47334012a.exe

  • Size

    717KB

  • MD5

    de821d2514c948fe04b2c6d47334012a

  • SHA1

    3eaf1268d686d6aa30000e6224c3467ac2e49ec6

  • SHA256

    b75a4fd5561af36e042ad8ff0065f21e89305bb2a8fb6d4b25d2158c4b3e0dad

  • SHA512

    f183e9ea5a9532e68a2132de6178e958aa1bb6705893e1053df22032e6e0ff11a02a4e9439813d0858a465e5685529938eb38511e2716e64a3ec942b2010626f

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl16ncmglhRvpwkFuK8dilJJYLKJw8a:7zXKqa8SEijjC+37li6hPHGirn28a

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de821d2514c948fe04b2c6d47334012a.exe
    "C:\Users\Admin\AppData\Local\Temp\de821d2514c948fe04b2c6d47334012a.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Program Files (x86)\dqgoqmy\k.exe
      "C:\Program Files (x86)\dqgoqmy\k.exe"
      2⤵
      • Executes dropped EXE
      PID:2600

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\dqgoqmy\k.exe
          Filesize

          744KB

          MD5

          c06d8b4684a903aa175dcdbb50e37ac7

          SHA1

          467b2919e42c3137f5114d8d7d364f7ba1963b87

          SHA256

          04ac33abeb75037e0e4a09ce086a993e76d6ae568320e3dba6900c16cab57898

          SHA512

          eaf4516cef98c71c2adaf299b1ae225c8c3ec2c41be542b0893d485ea440fd076291c47373e96a96d0c3968d8f22c59956b734551b5d791ea6c82c1cdf139211

          Download Submit

        • memory/2600-7-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/2600-8-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/4816-0-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/4816-1-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download

        • memory/4816-6-0x0000000000400000-0x0000000000494000-memory.dmp

          Filesize

          592KB

          Download