Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
29/03/2024, 01:29
General
-
Target
338088517fea4a2569b38145a69e4856.exe
-
Size
444KB
-
MD5
338088517fea4a2569b38145a69e4856
-
SHA1
1b0d035182150612cb37e4f8f04d0411e5c0dfff
-
SHA256
d610c4cba7280c6ed43d4a55490528b7becc1e74bae99dd3407bd617477c38d6
-
SHA512
30b821aa8b8852d7382ae754c5067963027e945d8617ad7fd60e75a06af6a48d58396ab096ab20963f14fd19c99bee0a47b99917757e50d55d3445dd88380e89
-
SSDEEP
12288:Nb4bZudi79LtgKap0EhWqHbJxScCP/Q/+X24yA:Nb4bcdkLq/p06WabJx8/9X24
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\338088517fea4a2569b38145a69e4856.exe"C:\Users\Admin\AppData\Local\Temp\338088517fea4a2569b38145a69e4856.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\FC9.tmp"C:\Users\Admin\AppData\Local\Temp\FC9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\338088517fea4a2569b38145a69e4856.exe 6A1F6E9435A762C26F194878C63F6A8333DFA7FA5BC84679C13913C5D5A40BCE855E6AC1D52E465505BBC88A391571BFBB1F649D138DE43F70BB6EED15BD3F6E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5d6681d2cfe60fe25d8d437db83f4b48c
SHA1d1f281fbb734ad6c63953ffc355e235e9c0b0383
SHA2566b48556510e0bb62aabe4767ed30a87c31437edeb18800c23087343074621285
SHA51204e675431c887c47f055cfd344ffc8be19618d04f40f1cfeb58126c563dcaabffe43517d8027f467ca719a2a2927df7a7fc83d6b262ed3d6f623f9497edbbf61