Overview

overview

7

Static

static

3

dad90dfaad...9d.exe

windows7-x64

7

dad90dfaad...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2024, 03:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dad90dfaad0567c4ee7bea5ea6ac18a35a299262437e9258c5737eb2d5adc69d.exe

  • Size

    893KB

  • MD5

    c2d4b26ae398a5ebaf38c866687645c3

  • SHA1

    fb36d2d7bcd5509736cfe0ffc8b379fc566e5b3a

  • SHA256

    dad90dfaad0567c4ee7bea5ea6ac18a35a299262437e9258c5737eb2d5adc69d

  • SHA512

    36de543986c98b88ba9084bd16ec05b5c2558baa4df84e99ebbe43cd7581c67fd8cca585e4baa86f6a2758299da8c72e9460a11f3afe2c14db336d5421f5b419

  • SSDEEP

    24576:1WBz95ndbgfx5cQLpApZ8gjTE5WBGKkWBz95nvBz95ndb:1m95nZgfxLAtjTE5jKkm95nl95nZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dad90dfaad0567c4ee7bea5ea6ac18a35a299262437e9258c5737eb2d5adc69d.exe
    "C:\Users\Admin\AppData\Local\Temp\dad90dfaad0567c4ee7bea5ea6ac18a35a299262437e9258c5737eb2d5adc69d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Users\Admin\AppData\Local\Temp\6DC1.tmp
      "C:\Users\Admin\AppData\Local\Temp\6DC1.tmp" --pingC:\Users\Admin\AppData\Local\Temp\dad90dfaad0567c4ee7bea5ea6ac18a35a299262437e9258c5737eb2d5adc69d.exe 8DEF78715EBA7F0EBC4B66F8A1E0F43122ECFEF10B086B80B2171C5682A51A09C3F924CCED2025A96DAD654F640B8D493E2D71D602B785ADB9D7C60AA741CE0E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3052

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\6DC1.tmp
          Filesize

          893KB

          MD5

          afa3d000f6de2bd650ebf053038471c4

          SHA1

          324962dc434ddc292d4ca3f6156be8919386b0a0

          SHA256

          60e66cc9268d0e99b4b1abb29a2e3ba44008eda492c2a5309da6c8ebfa7328a8

          SHA512

          3d00cfea7aeb3be75a8ed0bec540a4b6fadca51289971599406e2981c60ff4164235625e5e9804077240c98ae9b62e676a92bb30edd770d197be6d73a3691a30

          Download Submit

        • memory/2612-0-0x0000000000400000-0x00000000004EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/2612-6-0x0000000002290000-0x000000000237E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/2612-9-0x0000000000400000-0x00000000004EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3052-8-0x0000000000400000-0x00000000004EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3052-11-0x0000000000400000-0x00000000004EE000-memory.dmp

          Filesize

          952KB

          Download