Overview

overview

7

Static

static

3

db6cb5a094...58.exe

windows7-x64

7

db6cb5a094...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2024 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58.exe

  • Size

    711KB

  • MD5

    0f2b26125e65c2f9317c7030e230be67

  • SHA1

    29a7d73d0068e4fb97fbef2daba490c7586cddfc

  • SHA256

    db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58

  • SHA512

    26da616845c1162cbd57a595182f0898639b4d0e5525cf0f12bc89be4543e2e307e194fcbf0e4861661ee4126d50d3c2774cbed10581083c3d4351638b7a4881

  • SSDEEP

    12288:r9wq8qwMnfnNt/8IOMIP8mcenRv27NSJBpNeAsLIVe91W1BUAn1Mo75VLShLCMkl:t8mfI0umrIVe9YymVLShLCMkKvDYw5FK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58.exe
    "C:\Users\Admin\AppData\Local\Temp\db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58.exe
      C:\Users\Admin\AppData\Local\Temp\db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\db6cb5a09417cca5f4f3e48c5d231332161f28527c6dd9e0d651823516eb1e58.exe
    Filesize

    711KB

    MD5

    fb16d8077d4dd7e9891b866845665007

    SHA1

    da372e777e70cfd9d21a36427245da94989824a0

    SHA256

    8d52f0f7e6b873f083df7129c9f62e6f53d180432d35d3b106b4b0a194254001

    SHA512

    20b6b8861e9a0f6730b4859ee05b3021636d1eaab2ce6c0b35c8b20765b013c08d5817f97b7c8799dde84f7c1df72c3499f975acc7103c34936ab0921d3bb349

    Download Submit

  • memory/2328-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2328-6-0x0000000000210000-0x0000000000248000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2328-10-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2512-13-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2512-12-0x0000000000210000-0x0000000000248000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2512-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download