Overview

overview

7

Static

static

3

0e7460d5c7...43.exe

windows7-x64

7

0e7460d5c7...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe

  • Size

    448KB

  • MD5

    8c23d4da041648056f2aeef1d3821fc0

  • SHA1

    ed33789d1d2fe0ad940caf58b89179b04cbe2d4a

  • SHA256

    0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743

  • SHA512

    3dd1499a2677c385f3baea68c4058a4c66927debacb10b5d569589ff59c45552cb6761265092b2c42f24371f6e05c5e62593945c8d080d561a2859d4a1a7671a

  • SSDEEP

    6144:5LiHv5tgNOZUVVCf8OoI82wwiWhV40saiigCD4H2cHwXWNzDw:585JZU/aoIfwPWhVQ5zCD4TyWN4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
    "C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
      C:\Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\0e7460d5c785cf47ec4746f1045e9dfac4b038703549635ad71bf4e7800e2743.exe
    Filesize

    448KB

    MD5

    0b4463240bb472b96d39fe78e2a6d889

    SHA1

    3844bca92b79a55034add5deb49660477f5f2fb8

    SHA256

    9a1ab0c38e1ec530db004883ca1fc0ac8359cb6d33a810142dcf336a898fac48

    SHA512

    cb665aa5dcdb40d81d6dce4193cf3d94b57372ce62930be6ddddd0e3ed17fc4514e2a06039064001f7231ee6ccdbab7179fa1fbe1574928f2af121f581a4fc9b

    Download Submit

  • memory/816-0-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/816-5-0x0000000000130000-0x0000000000176000-memory.dmp

    Filesize

    280KB

    Download

  • memory/816-11-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3068-10-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3068-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3068-17-0x0000000000130000-0x0000000000176000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3068-18-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download