Overview

overview

7

Static

static

3

28a2a0d404...fd.exe

windows7-x64

7

28a2a0d404...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    01/06/2024, 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28a2a0d40419fb5b74701d3518290c49155dafe09d97d93ecfa0587a016d0efd.exe

  • Size

    7.0MB

  • MD5

    34f94cc6e79ad109b2d2f03b13d99d5e

  • SHA1

    042c498cc897d73136f782130593c92073fcba57

  • SHA256

    28a2a0d40419fb5b74701d3518290c49155dafe09d97d93ecfa0587a016d0efd

  • SHA512

    8fa964d48475199d7040f5fe805ac42a76b5ca25407609006d5d855b98c55e90847865b63429efe45d4b8b7fd2fb1319b60e01a10399a3966bd588e132b420c8

  • SSDEEP

    98304:emhd1UryeZX9idff0LuV7wQqZUha5jtSyZIUbn:elFodf8q2QbaZtliK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28a2a0d40419fb5b74701d3518290c49155dafe09d97d93ecfa0587a016d0efd.exe
    "C:\Users\Admin\AppData\Local\Temp\28a2a0d40419fb5b74701d3518290c49155dafe09d97d93ecfa0587a016d0efd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\1A64.tmp
      "C:\Users\Admin\AppData\Local\Temp\1A64.tmp" --splashC:\Users\Admin\AppData\Local\Temp\28a2a0d40419fb5b74701d3518290c49155dafe09d97d93ecfa0587a016d0efd.exe EE0EF87A0B04F4265A8C9AA2C0E43AF66D0DBCC63904412998D683DF4D6E921FC8B553FBB433947FB93684F5E86F21D94B132EAF86E10D18A22518624579BFBF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1A64.tmp
    Filesize

    7.0MB

    MD5

    7df10780a14ad4e7544208f91808e53c

    SHA1

    3f654e57f8674b4b200bdddf10785337a46609cb

    SHA256

    c87cd750a05291f594bde12ccf49833a534cf6a06e7fba30bc80e187816b15f7

    SHA512

    b67cd2e6c0ab9aa7df1767797734be20c4d0b2ddc42a69864173094aee7c2d94f4e1617d4f7dfb6faa146d5c330fec2e9bf41e4ea6084b5412d5ed1ee25c8583

    Download Submit

  • memory/1704-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2240-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download