Overview

overview

7

Static

static

3

9c6ea6617d...ab.exe

windows7-x64

7

9c6ea6617d...ab.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c6ea6617d9923d1dbf83e8d1f95cc769294076f51006b2f0b0cf6f655174dab.exe

  • Size

    7.8MB

  • MD5

    d486719ee0fd85f269cadb4a50cead49

  • SHA1

    4f8726c2dc46d1debbc68a247fb9f789bc9a829c

  • SHA256

    9c6ea6617d9923d1dbf83e8d1f95cc769294076f51006b2f0b0cf6f655174dab

  • SHA512

    0acc97e5e2d10a2ecab43158f34b731f7108dc58c85ad7b1a79c7ab40ce0cd0d32be9c816519566bfbf35bb6b3ae836072bb1c1d0e4e66730d56f5d6e7af34cc

  • SSDEEP

    98304:emhd1UryeeE10b/X68VxmOUV7wQqZUha5jtSyZIUb:elJ0rT6j2QbaZtli

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c6ea6617d9923d1dbf83e8d1f95cc769294076f51006b2f0b0cf6f655174dab.exe
    "C:\Users\Admin\AppData\Local\Temp\9c6ea6617d9923d1dbf83e8d1f95cc769294076f51006b2f0b0cf6f655174dab.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\AppData\Local\Temp\16CB.tmp
      "C:\Users\Admin\AppData\Local\Temp\16CB.tmp" --splashC:\Users\Admin\AppData\Local\Temp\9c6ea6617d9923d1dbf83e8d1f95cc769294076f51006b2f0b0cf6f655174dab.exe 5874770BDE11D315AAE11CC18D837986F18FA03E8C1A6FF71F45AC329636775DDDAF5CC10CC2639C73F9F37D52CC62C765EF7A2A6B477CF987D65CADC3C2D9EC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\16CB.tmp
    Filesize

    7.8MB

    MD5

    3a8f634de0ae5208948c0d13f7177c54

    SHA1

    41312fa1b01d437a52075a06f95f34a7d77dd98d

    SHA256

    b107df89ffbce7ad9ec87477093f5ba15e0aea498b4df59f3d77cba694d644f5

    SHA512

    6876ad82e98e3074aa312894ed87658f4a6fc472e80f5fc5453687d0c17d954ac5094cd1e7a5e4ddbffc9a25422b09b7dd9578a57738393f185dd1c922e957e5

    Download Submit

  • memory/2196-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3016-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download