Overview

overview

7

Static

static

3

e05ee21285...f5.exe

windows7-x64

7

e05ee21285...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e05ee21285cbf753a40a0d223fe9c9f5.exe

  • Size

    1.9MB

  • MD5

    e05ee21285cbf753a40a0d223fe9c9f5

  • SHA1

    c2f66e7f3241ff207ef682f6128b30954f7723e7

  • SHA256

    f286494c3dcf06074dccbeb868443e18861c1aaea7ebbcc1de39f27a0ea8ff3c

  • SHA512

    b1b5d1d5b7b77e397a7bd088d89211482c5a70dfaab3c2add524926ff4827a9705d952e6d685c9b1a30ed9e04d086955c13d3c03c1cd3c0a182cd79b1b425cf3

  • SSDEEP

    49152:Qoa1taC070dRCyTDFPSG2pHyFtaJ8LdRSJv8Uzt:Qoa1taC0CDF61GtaWLdRSJvn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e05ee21285cbf753a40a0d223fe9c9f5.exe
    "C:\Users\Admin\AppData\Local\Temp\e05ee21285cbf753a40a0d223fe9c9f5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Users\Admin\AppData\Local\Temp\62D1.tmp
      "C:\Users\Admin\AppData\Local\Temp\62D1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\e05ee21285cbf753a40a0d223fe9c9f5.exe 5E500CF05973ECCB2A32C7BB97E8599DB528759F85EA1EE76A0D0E0EC163534E3591C0B488BD6DF00315106FD25BBFC57FE9D86644B37D830DCEF5CBB2953D28
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\62D1.tmp
    Filesize

    1.1MB

    MD5

    1e3c9c91c28763f53f9194c9fe5e8a09

    SHA1

    f4dabc28ef4e1691b644cd60bfc8efff77d8d101

    SHA256

    036911a0950bd28394bc31d0e470ae4184c26933446ea1e78718cf052a51f462

    SHA512

    cbe85d832926a447defb64f4cf97e54f0970d3c82435b9e7ce04793498ef6948fc22b56b943e0e19a69cd78a59706588048f3728280303f5cddb07957ba4c4c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\62D1.tmp
    Filesize

    512KB

    MD5

    6b936dbf34fcadf0cdd761cb5fb562ed

    SHA1

    b952ef23f1fc73c01ed6e338a57ef1fe2a41719d

    SHA256

    e28a08f219beb5e6e960bc7810ec469cf5c159dd2417d799a227f9d6c884d126

    SHA512

    bf041009fa3368a87c6c72155cf80fc93b539bb379b9d7741ee3850253ad6a7e9509ef82c20b7f6e1707ba20283a5bcd4ee2cca499234b96f44891a0c59a238b

    Download Submit

  • memory/220-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1968-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download