Overview

overview

7

Static

static

3

195d42f245...92.exe

windows7-x64

7

195d42f245...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe

  • Size

    7.8MB

  • MD5

    70b753da9b3121cfb2a44c3531c978e8

  • SHA1

    523d903a432a5d370d8a831cdfec6e424a2acc36

  • SHA256

    195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092

  • SHA512

    c427c3b00c4ac01b224630b01561552182f99dcef3476509578854a7b46d0357d59a3bb26622276220331196749aabef0d66b8d9508d63f515be80c688e373b3

  • SSDEEP

    98304:emhd1UryeLLTR+i+ctV7wQqZUha5jtSyZIUb:elHNyct2QbaZtli

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe
    "C:\Users\Admin\AppData\Local\Temp\195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Users\Admin\AppData\Local\Temp\10D2.tmp
      "C:\Users\Admin\AppData\Local\Temp\10D2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe 21E3680F8A9F16C7FB09CE6F523AA56C600CEBB4F1A62B83F39936B39542E9050327611ED0BD1EF77DC85C2CFE14AC7E93411AB758BDFF2632F4516C34571CDE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\10D2.tmp
    Filesize

    7.8MB

    MD5

    fbe843dec7b28c242b1ebaf26c43ea4b

    SHA1

    ad3bd08bae2a5edc7a6c8a3996113d9ce4e74e4b

    SHA256

    390c6d8f3df15bf89dfffe7d7b6f32dcb0ef366e4b7d244423182f66ecd6e3dc

    SHA512

    2b2ff15e9e8129d0e2a47104f64ae59cf2aab8ac1a2165080dab16b365c0a96ee33af6dcdb5458702a0b2c069dba99922df80bcee133c14881161fa83487751f

    Download Submit

  • memory/1620-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2248-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download