Overview

overview

7

Static

static

3

d18fc730b8...d7.exe

windows7-x64

7

d18fc730b8...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7.exe

  • Size

    197KB

  • MD5

    b9ed244d0ae3dc5000c6fb1640e0066b

  • SHA1

    5be79bbfa43132c81aee7a097fd20f46d537c9c6

  • SHA256

    d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7

  • SHA512

    68dd935f443a86ea6cb85030532af67aa3b8eae26c1c88027b8e63c2c0155bd592a3309e4794e19dc1875fa691df93369eeae13125f08419be504035df616689

  • SSDEEP

    3072:0fAZeNa3xriqJ/HTCA2xWhGBIW4qQyiU4RlNayavQUOTxcD4gcUP0+VY9kWG8H6v:0fAD/lhy+bNHzTuHPCyGH6Y6l

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7.exe
    "C:\Users\Admin\AppData\Local\Temp\d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7.exe
      C:\Users\Admin\AppData\Local\Temp\d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\d18fc730b89f645e6ddb13c7c6d54041ac8b1d2a6677502ef792f8e74988e3d7.exe
    Filesize

    197KB

    MD5

    3045c08462dbe222cf275de9cd14b901

    SHA1

    328915b80df634fd99e0c7e5467a0bef0152043d

    SHA256

    34a231bd6eb22c833761a98cc618d571f6f3e6e092f4d7c9fc3a6ef7965df793

    SHA512

    2d053a540ee289665942615e24eac1a19c2f86748760d13c8e75cd70a49e0a7be1d8d8712a5695fda8fcb4ef59b874cde1f3d4b5139efd083d7bce8c9d0119f8

    Download Submit

  • memory/2156-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2156-16-0x0000000001440000-0x000000000147F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2156-11-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2156-17-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2188-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2188-9-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download