Overview

overview

7

Static

static

3

03c6de9753...b3.exe

windows7-x64

7

03c6de9753...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/06/2024, 18:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3.exe

  • Size

    92KB

  • MD5

    5852487185805c1482c5d0cc9f185656

  • SHA1

    e260215bf8545e9334055a5c26baca72028ad6f1

  • SHA256

    03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3

  • SHA512

    41949a86a6d13b4cad1fa511b55db724d2e601b18bb007eedcbab59730be0028069c5ac01b847eeb54daba03336ab4bb9595bd731ed8a7b14e7445f507709da5

  • SSDEEP

    1536:U+zQDQAYoOK3lSYj6DtyagUYMeuwkFKYnJqAp6C3LT6/w4P7ha:U4QDQKplSlyVMeuDRnMAp6C7Tv4P7ha

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3.exe
    "C:\Users\Admin\AppData\Local\Temp\03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Users\Admin\AppData\Local\Temp\03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3.exe
      C:\Users\Admin\AppData\Local\Temp\03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2268

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\03c6de97539aff7594c845c96d2549ef0f66188e774ce89cabed7896e87f66b3.exe
          Filesize

          92KB

          MD5

          922a336b1ff0c3777625c21001cb8086

          SHA1

          fff7a603b8611730a8cf07da1b7e8a6dc62b2680

          SHA256

          52bde1e2a6e2938c92004192f935b3ef973539cad1adbd5217765a1c261c2532

          SHA512

          0d6c04e332aef83184c6fa00ea55a03b2960329d17a9da99c17c58bc4838b0e9451ee673022e0e20ba7abd2d5af910a091016f73a4bf55041936103be996c09f

          Download Submit

        • memory/1716-0-0x0000000000400000-0x0000000000431000-memory.dmp

          Filesize

          196KB

          Download

        • memory/1716-1-0x0000000000140000-0x0000000000171000-memory.dmp

          Filesize

          196KB

          Download

        • memory/1716-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1716-11-0x0000000000250000-0x0000000000281000-memory.dmp

          Filesize

          196KB

          Download

        • memory/1716-17-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2268-23-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2268-29-0x0000000000330000-0x000000000034B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2268-28-0x00000000001C0000-0x00000000001F1000-memory.dmp

          Filesize

          196KB

          Download