Overview

overview

7

Static

static

3

cdbff19e45...3c.exe

windows7-x64

7

cdbff19e45...3c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 23:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdbff19e45b091f1ac08c83cd723fa3c.exe

  • Size

    197KB

  • MD5

    cdbff19e45b091f1ac08c83cd723fa3c

  • SHA1

    570df5ac84e51e9eb320d7fad028f78ba3bff0d7

  • SHA256

    84a7f2bd447295470d2488f99ef943bc10a6691bfd6cc90e7834e8e170599959

  • SHA512

    9519f4dd9f3cb63196709ff823c2a4dc4caa6c5d46167aa6886e92697d1336996a519d84e3859c07b4b1b47a9dbfe5243eb570c2d732536dd442e1238b72beb2

  • SSDEEP

    3072:7hTUYO5uCIVqX/lVIWq8CAxlkcw5+SdMs84Ic7FA00+VY9kWG8H6Y62a:7hoYSsYjlk9+eMsx7CyGH6Y6l

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdbff19e45b091f1ac08c83cd723fa3c.exe
    "C:\Users\Admin\AppData\Local\Temp\cdbff19e45b091f1ac08c83cd723fa3c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\cdbff19e45b091f1ac08c83cd723fa3c.exe
      C:\Users\Admin\AppData\Local\Temp\cdbff19e45b091f1ac08c83cd723fa3c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\cdbff19e45b091f1ac08c83cd723fa3c.exe
    Filesize

    197KB

    MD5

    e2ab62944e9d7a740bc698cdc58984c7

    SHA1

    47d5ecd3da5c9b8b4f83a294cfddfb8f619360d5

    SHA256

    f77c610341f561cbbf87fe46a5da19dfa1ed667fd8aadb3574486998e39e73c0

    SHA512

    94e8e418946307293ced7b15cf16ed6abdeefde3f5ad2fcc1e9511bcf8618f7593cd8b124b4cc1633981fcdc8aab1fad48005fbda6cc98d41d0d3b3f5ae8c481

    Download Submit

  • memory/108-11-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/108-12-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/108-16-0x00000000001D0000-0x000000000020F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/108-19-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/3000-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/3000-9-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/3000-6-0x00000000000C0000-0x00000000000FF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/3000-18-0x00000000000C0000-0x00000000000FF000-memory.dmp

    Filesize

    252KB

    Download