Overview

overview

7

Static

static

3

c6138afbd6...66.exe

windows7-x64

7

c6138afbd6...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 03:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6138afbd6bf54f9eb2563ae4990d4942e97fb599766a420dd1cf61a2bdfae66.exe

  • Size

    6.0MB

  • MD5

    1d0551617382e8a86b0d179a275095f1

  • SHA1

    5a132860512479c3b0cf50ccf6431553a5bc920b

  • SHA256

    c6138afbd6bf54f9eb2563ae4990d4942e97fb599766a420dd1cf61a2bdfae66

  • SHA512

    1dd53d991f67c47e23295402f7619243e84ab2ac5013be6def2f8c84e46aff941f8c5327da2535c9e090fe9df835f71d3997b7efb5e435a664e584f0e1b63322

  • SSDEEP

    98304:emhd1Urye0Iq66tr6IgcjV7wQqZUha5jtSyZIUS:elUIKVp12QbaZtlir

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6138afbd6bf54f9eb2563ae4990d4942e97fb599766a420dd1cf61a2bdfae66.exe
    "C:\Users\Admin\AppData\Local\Temp\c6138afbd6bf54f9eb2563ae4990d4942e97fb599766a420dd1cf61a2bdfae66.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4512
    • C:\Users\Admin\AppData\Local\Temp\326A.tmp
      "C:\Users\Admin\AppData\Local\Temp\326A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c6138afbd6bf54f9eb2563ae4990d4942e97fb599766a420dd1cf61a2bdfae66.exe A6471F1816AFA7EF07E63B7178A2E53AB77EE2E96125A60537F6E69883E637722B7376EF4651E7AC21D6C9774B1B391CA85E0382F7B34FAE9382B89E08D04CD9
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\326A.tmp
    Filesize

    6.0MB

    MD5

    b7f2f1f6ee486f37bebce648b04f7cd9

    SHA1

    d67d164748a3e77ec56a7cae320a38352f8bfeb2

    SHA256

    dbfd10d194ce92cbe8e7fa46ca4c0be137249cf9fc11e46df1103241603b4d35

    SHA512

    c0b461039c82e14f950801e021438cbc4afa1f50da9d79d29a7250e5f564e51cc5488719380eefb29d96d8cad6a41a03098d94a4e696771cc5e7567a3e688bbe

    Download Submit

  • memory/1808-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4512-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download