Overview

overview

7

Static

static

3

e04ac5911d...02.exe

windows7-x64

7

e04ac5911d...02.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 00:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e04ac5911d46a95252cd7a34c93f0b02.exe

  • Size

    1.9MB

  • MD5

    e04ac5911d46a95252cd7a34c93f0b02

  • SHA1

    1e9431d7004fb2495ac4a448ab466a68ab9b7241

  • SHA256

    4e9806e48e2741b77d784dbe891f7b99ea9af0fe9c8b5e9f1211ff5d2f7d3dcc

  • SHA512

    b98ace96d9f90f1b6eb414fc6f31e146386e4557a066913db74e93e7bd08f5c2291acecc8ed6b229ddf5684dff14b4eaa08cc73e0f366611b1d9be2c652e3a01

  • SSDEEP

    49152:Qoa1taC070dDm3eeLU3ioYAYy68vURR2MRAv:Qoa1taC0XOeLU3nVYyprQAv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e04ac5911d46a95252cd7a34c93f0b02.exe
    "C:\Users\Admin\AppData\Local\Temp\e04ac5911d46a95252cd7a34c93f0b02.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4684
    • C:\Users\Admin\AppData\Local\Temp\49CA.tmp
      "C:\Users\Admin\AppData\Local\Temp\49CA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\e04ac5911d46a95252cd7a34c93f0b02.exe 9D3CAC0AFDBA368B13AE7581B81ACDE154076ECBE8030CF3C7E465129A1691F11F0D6A884E774C582C13FF1CD7D4970BCCC431AE16CAB9977E08257ADB891DBE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\49CA.tmp
    Filesize

    1.9MB

    MD5

    6dcb0308c016b6ca4195727c8d0f29e6

    SHA1

    ed6eaddb0eb9708e4b4e489ba7eab4e9e5a317f3

    SHA256

    095d9a4735f63ad01483a500dc1b26a197f440c259b4ee1c26271b577ea18d6a

    SHA512

    69ffe6cd41cc6dd280c3cc9a1ab853b9014c32a75645a06ed69577a2c74fa0082536b53861250b3789f74b3ddd24182280937b4a2e9e6cd90c3ea35e40d0045c

    Download Submit

  • memory/2116-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4684-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download