Overview

overview

7

Static

static

3

195d42f245...92.exe

windows7-x64

7

195d42f245...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe

  • Size

    7.8MB

  • MD5

    70b753da9b3121cfb2a44c3531c978e8

  • SHA1

    523d903a432a5d370d8a831cdfec6e424a2acc36

  • SHA256

    195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092

  • SHA512

    c427c3b00c4ac01b224630b01561552182f99dcef3476509578854a7b46d0357d59a3bb26622276220331196749aabef0d66b8d9508d63f515be80c688e373b3

  • SSDEEP

    98304:emhd1UryeLLTR+i+ctV7wQqZUha5jtSyZIUb:elHNyct2QbaZtli

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe
    "C:\Users\Admin\AppData\Local\Temp\195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Users\Admin\AppData\Local\Temp\4352.tmp
      "C:\Users\Admin\AppData\Local\Temp\4352.tmp" --splashC:\Users\Admin\AppData\Local\Temp\195d42f24564c75b564b61c924c9726d1652eb4df70c825b3fc9c50bebd28092.exe BE5390E5A83272084B299331F9BFCFFCA4CAA2080712F84C298B1A7570F72B186AFEFACC6105215C24985B89186357FA57C59AD09A198E500ED4D82F99514FFE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4352.tmp
    Filesize

    7.8MB

    MD5

    4cc1892e58e83d278c0f6bf5da131168

    SHA1

    f7d8cdde7366e27adf49782fb5c9d3830bc1bdd9

    SHA256

    843d2c9828c599cb829a264fe2b5da81bc36ac2410b7a780c236d922249dd09b

    SHA512

    6a3434fb7a47cf21d984b925114e7de2fc0672ef062a910e5bf2092a98b4b8a0f79cab2290cbd03b37c20831e21f5a13ff822832215df0d7a519aa384181a9a5

    Download Submit

  • memory/1276-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2556-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download