Overview

overview

7

Static

static

3

e245072c50...8b.exe

windows7-x64

7

e245072c50...8b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e245072c50fbb4eb419fe16bc299878b.exe

  • Size

    338KB

  • MD5

    e245072c50fbb4eb419fe16bc299878b

  • SHA1

    81629cfd7dad9a5b914625354a09f58cad246a55

  • SHA256

    1010a1abe8696de78276b4441668b1050f837745b0f66a55f1593ae84b09822f

  • SHA512

    72af54b036a4375ae547629fa99c331e55d3f0e9bbae03d1953f3fd2151fdbc956e74003d1ce6d3f55b69514bbdd0be23feae9623c5909d78b98e56c02f9be2d

  • SSDEEP

    6144:yr7VFmZVhsiGyEPfkJ+F2gX975jUEeseUTUXdAqFhTHbH5vA5ANmYWGP+F2gX97S:yrOLOiGpna+F2gX9JeseEUi+hr7a5AX7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e245072c50fbb4eb419fe16bc299878b.exe
    "C:\Users\Admin\AppData\Local\Temp\e245072c50fbb4eb419fe16bc299878b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4104
    • C:\Users\Admin\AppData\Local\Temp\e245072c50fbb4eb419fe16bc299878b.exe
      C:\Users\Admin\AppData\Local\Temp\e245072c50fbb4eb419fe16bc299878b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e245072c50fbb4eb419fe16bc299878b.exe
    Filesize

    338KB

    MD5

    a66a065b8544106aadc86b59a9a56f0a

    SHA1

    7fb269d43b9496b2bd4fdf0f42157fb17f6ea9ed

    SHA256

    d58b658d2a81ae7cce2b0bb5402b4d64971a7129e5e259c835ba5a8884f713f1

    SHA512

    6b194dff153f91fea4a737b8d8d4d66e49f2e51909bb4f5b3fbf89d1d35cd3379f77b96d1254ae13c2572162cd2daa72ec12028fc5127043bd2a6ef86ab38fe3

    Download Submit

  • memory/1740-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1740-19-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1740-21-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1740-22-0x0000000004D90000-0x0000000004DAB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4104-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4104-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4104-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4104-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download