Overview

overview

7

Static

static

3

bd2e07f92e...37.exe

windows7-x64

7

bd2e07f92e...37.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd2e07f92e5f26433bcbb2f384481bd19315d4c0c15b77769316f49870b52737.exe

  • Size

    4.4MB

  • MD5

    c0269430f74b5c0911808d7b7c8c1302

  • SHA1

    e264faab01679f0d79dbd627add26ef46cc66ee3

  • SHA256

    bd2e07f92e5f26433bcbb2f384481bd19315d4c0c15b77769316f49870b52737

  • SHA512

    8362e862f7bd817839eae6a9b4eec231f6c6a9ad6ee38d3b7f5bfec1171e5bf0bbe803f7d6128bf83b7502aa766bc37abecd3721d81f4afeb4f5880b0e9843a6

  • SSDEEP

    98304:emhd1UryeO5TDPODM6/2+3uTDV7wQqZUha5jtSn:elutr2H2+3un2QbaZte

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd2e07f92e5f26433bcbb2f384481bd19315d4c0c15b77769316f49870b52737.exe
    "C:\Users\Admin\AppData\Local\Temp\bd2e07f92e5f26433bcbb2f384481bd19315d4c0c15b77769316f49870b52737.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Users\Admin\AppData\Local\Temp\1287.tmp
      "C:\Users\Admin\AppData\Local\Temp\1287.tmp" --splashC:\Users\Admin\AppData\Local\Temp\bd2e07f92e5f26433bcbb2f384481bd19315d4c0c15b77769316f49870b52737.exe CF3044BA5D915E7A189E3AA8ABCE297A01AF584CDAF609C504876719A82EB450175A7C22AF2E08896A0EBFED534219D85054F819F667890A10248DF2866C3230
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1287.tmp
    Filesize

    4.4MB

    MD5

    1efe7de5962e0762cbc0cc4bcab947b8

    SHA1

    eca5035164b0e56b40bcca8b9a164bc473910a0a

    SHA256

    6ad8b72c57992257594f29fea191420afa991fee805d88e01dad1d0839f04a0a

    SHA512

    54c909be3b35b740e09f417f2966e77abce3ed0dcbdeeb732f780ed710c7ab2c5ef2f9ea2e9b05edca4ce2d5d3081b006aa5f29470aff9a82d179a8b4b29b7d3

    Download Submit

  • memory/1888-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2976-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download