Overview

overview

7

Static

static

3

e113027fab...31.exe

windows7-x64

7

e113027fab...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e113027fab6dd43e8b21b706fda15e31.exe

  • Size

    82KB

  • MD5

    e113027fab6dd43e8b21b706fda15e31

  • SHA1

    9ae369aad9345b4ff39b8b8201eae06ae8b34858

  • SHA256

    edab85de0471f07e7c77549df85657a06141fb9bddaef0d06d3c2284127eb23c

  • SHA512

    bfd5f070a4e282e6a448d663416672dff6731f43abda24196e3492df2e70294ea2c7a2a838acdefe4bfa6609ccd4014e8dbe9715197f8e88f249aaea929143ca

  • SSDEEP

    1536:D1ej6O50AmoO9Xzb1mqvKxzuD3cI+8JdC9A3m/:BeB50AmoO9dpI63cI+2g

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e113027fab6dd43e8b21b706fda15e31.exe
    "C:\Users\Admin\AppData\Local\Temp\e113027fab6dd43e8b21b706fda15e31.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\AppData\Local\Temp\e113027fab6dd43e8b21b706fda15e31.exe
      C:\Users\Admin\AppData\Local\Temp\e113027fab6dd43e8b21b706fda15e31.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e113027fab6dd43e8b21b706fda15e31.exe
    Filesize

    82KB

    MD5

    73d6764f8c9aa46d9f651223528bb418

    SHA1

    573f9d8ab4d389c14edafd1fd48ccd5b347c1266

    SHA256

    03defd06f61fc14f90d61e49542a9f8053830f41e82ac387039875a30950ed2b

    SHA512

    ddb735d8a693c0d34bffda08fc193016db89346943f96abebc5743f0431318c63345e6cb9343a9b30512738d96aaf46155d73d2f2a3304aee49df7960201fa0e

    Download Submit

  • memory/1988-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1988-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1988-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1988-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3696-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3696-16-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3696-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3696-25-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

    Download