Overview

overview

7

Static

static

3

87dcd2c96c...24.exe

windows7-x64

7

87dcd2c96c...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe

  • Size

    912KB

  • MD5

    489e1fae49f440d756e8a9909ebb216e

  • SHA1

    1ba4b116c5a6522f119072a73f22296bf480a9a6

  • SHA256

    87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324

  • SHA512

    8b84cb877d00063b654412ab2c9ed05f510976b35e01cc11d7281baaf017f14129cf6f25fc81fa40d65494ea951411e74c27c4dae42df53763942b58abb13750

  • SSDEEP

    12288:5vo5RPxfakFRlrm1rPmytG3fJgYjVDa/ZS9anFY:sNacjjCOa/ZSUnK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
    "C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
      C:\Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 144
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\87dcd2c96c98903abb87ed3a8616f00d01be07a6a0c4c47fa3eb7f26fd9f6324.exe
    Filesize

    912KB

    MD5

    47bd4eeb3ad749f0087bd78251332781

    SHA1

    8323c1779347b75aacd8f83689bbe5e525c35cdd

    SHA256

    1b5e582255a80217c1c06667cf69693a1a9de0a4d4c6344dc364ab285d55fb1d

    SHA512

    b8966de87a45894a84e6f450bedb7544f23aa375b6eaea909254d4b0042636f48f9ff855e3f8731993b22e3a480468b09dc3bc57f30654c9742fb17beed1f76f

    Download Submit

  • memory/2380-0-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2380-7-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2596-9-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2596-10-0x0000000002E80000-0x0000000002F6E000-memory.dmp

    Filesize

    952KB

    Download