Overview

overview

7

Static

static

3

e96104ca26...4c.exe

windows7-x64

7

e96104ca26...4c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    06/04/2024, 04:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c.exe

  • Size

    432KB

  • MD5

    383715a46815fc87d4212b6f4f17bf46

  • SHA1

    28283dcac432b83c8bf63975284e4c17fdcae0f3

  • SHA256

    e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c

  • SHA512

    c95249789935c6792687170fce08185f3fafecbe189ea5d3bf87b4cf18f6c04e6b4b903944574ba5cb7031832825f19a3dad97ba0cfa5dd21f693d29a3fd385f

  • SSDEEP

    12288:8kAel9XfoGQh6XFRbf0ez0npM4dl0v5Jd1:8kAe9foGQh6XFRbf0ezEM4dmv5l

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c.exe
    "C:\Users\Admin\AppData\Local\Temp\e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c.exe
      C:\Users\Admin\AppData\Local\Temp\e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2140

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\e96104ca26e408720c4a0cb1899bd51ce5220189a2057aac0a74407918f85b4c.exe
          Filesize

          432KB

          MD5

          35a1abcee65931e8fb84cbf4474fc096

          SHA1

          0a0abd78dbd367b93c6f01b96591589a37953209

          SHA256

          7350c87c58509e1451daabdb9cda460747c28fa76c80b4113a9e55962db4a51b

          SHA512

          afab07c896f738170a93792a3d36c7d5797a2949837fda57c5cf9c43f7e2e8e1b6ff0e9052d212c2ef70c4bafec96fe837d66a42fabcc50a3c8500fdcec12642

          Download Submit

        • memory/1056-0-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1056-6-0x0000000000130000-0x0000000000170000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1056-10-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2140-11-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/2140-12-0x0000000000130000-0x0000000000170000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2140-14-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download