Overview

overview

7

Static

static

3

2a6abf8945...c6.exe

windows7-x64

7

2a6abf8945...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a6abf8945b67c80021892136e49f7c6.exe

  • Size

    90KB

  • MD5

    2a6abf8945b67c80021892136e49f7c6

  • SHA1

    6cb50586ed80b13818f87c48391444f5b4467383

  • SHA256

    5272df59f81f949aecd9f778b0df0f233cde32678d05bd0642337b1272016db2

  • SHA512

    17c5dbf9286dccc2e9bd78cf7240f335ecc57bfec656900e70b38afd5396f095069f6bdebed07594cdcd4abfdfb5de5268be05f5d8674975f80298dfde5fcdae

  • SSDEEP

    1536:TalEkKgJOyjc4oqULVJBoLmcYXV/O16nvaHWpeQrZYTjipvF2uNc1c:vbOHw5qLmcYXVlnvk8YvQd2q

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a6abf8945b67c80021892136e49f7c6.exe
    "C:\Users\Admin\AppData\Local\Temp\2a6abf8945b67c80021892136e49f7c6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3660
    • C:\Users\Admin\AppData\Local\Temp\antifahib.exe
      C:\Users\Admin\AppData\Local\Temp\antifahib.exe
      2⤵
      • Executes dropped EXE
      PID:428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\antifahib.exe
    Filesize

    90KB

    MD5

    8036c68d073694a45ab7ac32d0e566b2

    SHA1

    8e7e29a726be25e9959d4668767a84a90d271345

    SHA256

    c783cc1231eb6405d3a8c3b04fc5b1e3dcf9099b1a1fceeb62bd82a6981fe6cd

    SHA512

    25ca59047eb648e8333992013f4169d23c86ad4ba13f742f7b7d52ba5dbd4bb9b47ed57b4086835c1d51917300978851bc6675bff3d79dc77737b93e798be025

    Download Submit

  • memory/428-7-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/428-8-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3660-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3660-1-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3660-5-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download