Overview

overview

7

Static

static

3

dc1d870092...a8.exe

windows7-x64

7

dc1d870092...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 07:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.exe

  • Size

    15.3MB

  • MD5

    3350801868600669dea2f5317eba65d6

  • SHA1

    a7471121b084c2b5056fb11ae5a5fba8e1024547

  • SHA256

    dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8

  • SHA512

    61de6434b76cda80254f5c2f518034e3989bd5c737bf2e112693f97364c4aec59ba91bbcccfa539427e35e5692f9f15c9d9ad4177009481a12653ed3ee7a99c7

  • SSDEEP

    393216:guroysD+giWPgY1Gl7YR4EvvC9Hoi7FlwM5461JifH:h0ysDuAgY1i7YR4Ei9IiRlwM59vifH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.exe
    "C:\Users\Admin\AppData\Local\Temp\dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Users\Admin\AppData\Local\Temp\is-9PBA7.tmp\dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9PBA7.tmp\dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.tmp" /SL5="$401E6,15179729,732160,C:\Users\Admin\AppData\Local\Temp\dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.exe"
      2⤵
      • Executes dropped EXE
      PID:224

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-9PBA7.tmp\dc1d870092eb3fb30595f760260b69fd9c402faaa8616b1b650bd201e6b25ba8.tmp
          Filesize

          2.9MB

          MD5

          0d8826c8a07ba444f1d96279c6e7782c

          SHA1

          710e53236edce01edd5870d64ae4a89275d3d8cb

          SHA256

          2107bdf30f754edf186f9d8a7fc801e6fdeaf3a299460d1f17fe943a659b5561

          SHA512

          4d66a4280caf46a2cb4ddcb63dce4a1a9a5806ee29e752a6f8d2939c43166408a4de915fa9b5817c4bba6a9f4da22aaf172808e18bbd230b445164c397991727

          Download Submit

        • memory/224-6-0x0000000000400000-0x00000000006FE000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/224-8-0x0000000000400000-0x00000000006FE000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/780-0-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/780-2-0x0000000000401000-0x00000000004A8000-memory.dmp

          Filesize

          668KB

          Download

        • memory/780-7-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download