Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
26/03/2024, 04:06
General
-
Target
ca85dead9e5b5c78bde999418cb1a3c6.exe
-
Size
435KB
-
MD5
ca85dead9e5b5c78bde999418cb1a3c6
-
SHA1
a2a80324723a749fea9277d998be6a96b710b9d7
-
SHA256
fecbcf9a27d17ff8490e12eb78a2afb23ed4bfe77b03c0a1637c390f26345342
-
SHA512
cf0335c98b11f83fde646edeef3d97b2b4e29cc97386c84fd53d831de49beb4d4eb39baa460be7fef934ca8944ae713fc43c6d6edbe62dcd100eb89d88d8211f
-
SSDEEP
12288:NW48Uekie0ghBNOZRmgWqlSuOO2pyOVfG14HWaSA:NW48Uekie/BN6RmXdu4QOVfG1GWa
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca85dead9e5b5c78bde999418cb1a3c6.exe"C:\Users\Admin\AppData\Local\Temp\ca85dead9e5b5c78bde999418cb1a3c6.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1536.tmp"C:\Users\Admin\AppData\Local\Temp\1536.tmp" --helpC:\Users\Admin\AppData\Local\Temp\ca85dead9e5b5c78bde999418cb1a3c6.exe 99B57A18E12E1AD7FB16C21E1B1994DC23C4EB75C3676EF1533780867CD0153020B1A36C1AA97B483054735A6C7A5DD1F07C16F67E2669E46235ACD1ED20582B2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD52b439c021d9b0cc9ec1d4527c44403fe
SHA150a368129165c610b37529bc80abb9d53d79d101
SHA256347e81e138f6f95926621e568ef797c2a95bde92beaba0326d4a95a6cd17cf02
SHA512f626776ecff55db979163082cdc990277bc0a938f2c963d2e011cfb7a78630aac218602796d4a66193ce906c519195760de4945d397055edc5623bd18da36a42