Overview

overview

7

Static

static

3

648b42bc69...05.exe

windows7-x64

7

648b42bc69...05.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205.exe

  • Size

    192KB

  • MD5

    d25500cd935f5eedb2ab29aca8f08d07

  • SHA1

    e8d72d024adcfd5daae57520c6deee487311b94e

  • SHA256

    648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205

  • SHA512

    2092e0729b7b68054cdd52a09a0e8c0bd99b71cb78ecc596593abb20102f01df22664aacf8e24172c4aa5500eaf4dc21276820fddf103c2c00a0d36d69528860

  • SSDEEP

    3072:YGEKsUfTfds5UZYTsKhK84aOxZAaRWnWVX4KDc0jNNI4gRSsuCZq:8KsUfTfdPuwnaOxZAnkX4CNIDEqZq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205.exe
    "C:\Users\Admin\AppData\Local\Temp\648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Local\Temp\648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205.exe
      C:\Users\Admin\AppData\Local\Temp\648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\648b42bc697d4e0ce7ccf2b3c8a977aad1416d6558e96e9dd2c543a5233f0205.exe
    Filesize

    192KB

    MD5

    0af57e8693f89653d581a4173fa5ffa4

    SHA1

    9f86665fe796ef01c244567cf0b29bff68c06a6c

    SHA256

    f30e40b131f883cbd7f3b4c2ada8a296d36acb0fc042d02f7f707712c86297b3

    SHA512

    bcefb1875c574c9e30158fa774abaf295628a483aec8d54fd2e356ab8899f2d53a60cc6f8214c4fb17c22bbebc5110145426a857414ae0fa20aa9a32f44a8aa8

    Download Submit

  • memory/2260-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2260-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-18-0x0000000000170000-0x00000000001A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2436-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2436-11-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2436-6-0x00000000003C0000-0x00000000003F8000-memory.dmp

    Filesize

    224KB

    Download