Overview

overview

7

Static

static

3

02bc869f23...c7.exe

windows7-x64

7

02bc869f23...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe

  • Size

    320KB

  • MD5

    51bd613f8488f7b8dd593d076d242f80

  • SHA1

    c6997b772d930863094c6d120a473a41bcb2b91f

  • SHA256

    02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7

  • SHA512

    fae49a17f79e6c56e84a73e2067a75efd9da5477ef47b84e823ab7b09072413ffcbb4fd9d04d49ccc37750b8ae3ee3286d479a9ed3007c0ce7e73b59c5adaf59

  • SSDEEP

    6144:26OzJ1fFYRA0Eo5MTtNdowuX9aLisM+NeOV40saiigCX:2jNMW5ewuX9aLisvNeOVQ5zCX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
    "C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
      C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
    Filesize

    320KB

    MD5

    8dd1343f6087aa873c0df9a05d3f31a9

    SHA1

    196205198b0d152ba7e922080d6a775442d8f4c9

    SHA256

    ebdba95cb79b9ce13e6f28b9d55c98df80a6b4a4b1e0871513ae120faa50cd57

    SHA512

    691269f663314e871bae2ef00087899b33eacb37659865e905f782ba3ac54121fe8085369bedb23cc17c511a62c7ecd59654b21a23cebe3682faa4d605d9f45d

    Download Submit

  • memory/2728-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2728-6-0x0000000000130000-0x0000000000172000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2728-10-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2980-11-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2980-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2980-17-0x00000000001F0000-0x0000000000232000-memory.dmp

    Filesize

    264KB

    Download