Overview

overview

7

Static

static

3

145b389b94...8a.exe

windows7-x64

7

145b389b94...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/05/2024, 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe

  • Size

    4.2MB

  • MD5

    29a6c9b3a26443f7a7d12457f0ffef7d

  • SHA1

    6b53187be7410a591aa090ecee0afddd96e1c52f

  • SHA256

    145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a

  • SHA512

    5c923b748d7a001b038e8ecfdfaa4a9a6eb804137b120bc7ffe0bc22d49c662713c4a06a9dc9e342f8f0024012711c5a1a1f91487bc32be8a60e859caca9f6d0

  • SSDEEP

    98304:Cmhd1UryeaAR7i3yVLUjH5oxFbxhVLUjH5oxFbx:Cl6sVUjZEdhVUjZEd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
    "C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Users\Admin\AppData\Local\Temp\43DF.tmp
      "C:\Users\Admin\AppData\Local\Temp\43DF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe C3F07C420C5F043B603EA719781888BCE387DEEF520DD65E9DCBE3877A7E9A68886CDE8E5D67CFF16FD2D51697F585F16CA7F3F5D5DD94F140EB2854A26B25F1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\43DF.tmp
    Filesize

    4.2MB

    MD5

    185508dcd181df1120ca6c38851b0d3a

    SHA1

    6451766e7d19196e80f6065cbef7984b7ae3616c

    SHA256

    1a29324a0ea18f53717dcbde8a62b8d92f0bc7f7cf50c993910c5105b52c4a91

    SHA512

    a37f02e9fdfe783fc0f4b81b279ad441adcd36ae1c282d7c8e366dc0791253be2970f5209fb0822fe249e46ed89040c7245d48b740805c1c74f476e3a3217f26

    Download Submit

  • memory/2536-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/5032-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download