Overview

overview

7

Static

static

3

dfe46b20f1...e7.exe

windows7-x64

7

dfe46b20f1...e7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dfe46b20f14845d0744977d937d912e7.exe

  • Size

    82KB

  • MD5

    dfe46b20f14845d0744977d937d912e7

  • SHA1

    cfb7d8d145e54fc02fc1c25d816061c0093b7982

  • SHA256

    52c7326a6a38f0faca74af8756ae55e9ab3bed66df332b8251c04b8d672a78b2

  • SHA512

    1b151139217fb8c8d979f8cd3014bf9ccef40befb51e979eb05ba9037df353daafe6b83308e12a08e554c943c547d21cdff0a5287f783cc63ba0bd20c992d609

  • SSDEEP

    1536:UJO0UxpYyQgBVA9QD0PjPCMXFoc+/09TbQx/Yx8vEH79OT3W1tXYy5hlY:WWxOiB+QaC3T/kTbgAyvEb4eXYy6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfe46b20f14845d0744977d937d912e7.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe46b20f14845d0744977d937d912e7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Users\Admin\AppData\Local\Temp\dfe46b20f14845d0744977d937d912e7.exe
      C:\Users\Admin\AppData\Local\Temp\dfe46b20f14845d0744977d937d912e7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\dfe46b20f14845d0744977d937d912e7.exe
    Filesize

    82KB

    MD5

    208fe6bbb9ace8872ea5ba1187c5e03f

    SHA1

    2509c21a15f968c6e207b0c70b9704599dd06ed7

    SHA256

    bb7dfdbaee599766a6520aa32ac4fbf91d7d60451b1d4b5dca3dc3d2cc4a81fc

    SHA512

    b4d1a01bb02b5743176035aaf9967a6f390e8db6b3ae676f3368e9587c9ad31c783852d7cd9ecfadc84c47f65e982387233fa1753ae56054ffb5c8fded1dd9d4

    Download Submit

  • memory/2316-22-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2316-27-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2316-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2848-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2848-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2848-9-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2848-12-0x0000000000330000-0x000000000035F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2848-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download