Overview

overview

7

Static

static

3

0685b6d443...10.exe

windows7-x64

7

0685b6d443...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    05/06/2024, 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0685b6d443bbf3727d397306fcb5fc10.exe

  • Size

    4.2MB

  • MD5

    0685b6d443bbf3727d397306fcb5fc10

  • SHA1

    6668950050a7452f3c73ce45c349e9bc14ec150a

  • SHA256

    73a945c7b51299f8320ffa56d29137b3fe296c681d9e2103124af07aedbf65b3

  • SHA512

    9cc3fc659cd6e90ee47d8074a586a693a777c2997764069249d9f58ba5f72a01bf0ed445698894e6a1c684ef8021426e493da52b002543ada5aba784ed15ff42

  • SSDEEP

    98304:Cmhd1UryepjW4lsfwaLfuidz81pAZMVLUjH5oxFbxhVLUjH5oxFbx:ClJjaIaLfuiy1GKVUjZEdhVUjZEd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0685b6d443bbf3727d397306fcb5fc10.exe
    "C:\Users\Admin\AppData\Local\Temp\0685b6d443bbf3727d397306fcb5fc10.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\1D22.tmp
      "C:\Users\Admin\AppData\Local\Temp\1D22.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0685b6d443bbf3727d397306fcb5fc10.exe 1D7143DBFFD1BD0A1AF3D93499E6C0A0065C46C0016D895E7E1C1307FC6E342917E52487466D3D993E7E4DBC01BE8F922763498C31E4E99F7365BDD1D4ABB971
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1D22.tmp
    Filesize

    4.2MB

    MD5

    57ed5e158e1ace4b9fb9c53041efe5f9

    SHA1

    c6a07c581fd223a242f570719cff137d2f649bd0

    SHA256

    8c2cce1c32b449d00ee7667858468b0f0137c0d3ce8560aed32d4a207952beb0

    SHA512

    5ad5baf8dcc0d5d6a4f95131cd5193415a25b91d63a446e62eef77eb23b2a3c18e6415744f1ba87ad0e7725e4f9d31f749496bf3f5705a9b96f4485ba07e324f

    Download Submit

  • memory/2128-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2332-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download