Overview

overview

7

Static

static

3

436f484d5f...20.exe

windows7-x64

7

436f484d5f...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-07-2024 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    436f484d5f1c67635fa834259de77720.exe

  • Size

    4.4MB

  • MD5

    436f484d5f1c67635fa834259de77720

  • SHA1

    ba4bda556a8028e005a4bc7009b65708d826b559

  • SHA256

    4af741425e72e424387538a3a01dbd11c05458c01067ccd7662ed4efaa122150

  • SHA512

    41cb31ef954e441e88bd1a5b053877f246ffa4b06cfe4fd73550ddac83d304cf4c63fd235e75dfb2f75828d1f903f5a3de7bf5abd9176d41d3df57aec8b7a9ad

  • SSDEEP

    98304:emhd1UryelLUmKlZyVRV7wQqZUha5jtSn:elFcZyVR2QbaZte

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\436f484d5f1c67635fa834259de77720.exe
    "C:\Users\Admin\AppData\Local\Temp\436f484d5f1c67635fa834259de77720.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Users\Admin\AppData\Local\Temp\5C58.tmp
      "C:\Users\Admin\AppData\Local\Temp\5C58.tmp" --splashC:\Users\Admin\AppData\Local\Temp\436f484d5f1c67635fa834259de77720.exe 2CA6B28FBDDF2BA175D21D000BFCD9E2FBC7001DC87CEC400E2CCB3C5D7D0E05B4EC708D1AD7CA16D2A12E8EA6C492C643BED5757807E90FF88F29D7CDCFCBC5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5C58.tmp
    Filesize

    4.4MB

    MD5

    56f5b2485f00dd2d7903084132bff3a2

    SHA1

    612c572efad56f461601b2c4063f25a6f13c0b8c

    SHA256

    d049a8e4f1c815a833e29745466eb2412361d324903ab46cb9464975f5077469

    SHA512

    0068d8ca1ec4bf467273055c3b6fd71fb7a2c6b01c1e94fc4616104466d124f4a305416a89bb619c856572e504db59dd655bc9768761df9d95b25f411d5a3e87

    Download Submit

  • memory/992-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4300-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download