Overview

overview

10

Static

static

1

f45b008c2d...3b.exe

windows7-x64

7

f45b008c2d...3b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2024 22:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.exe

  • Size

    27.7MB

  • MD5

    6e026f6349a5d57614b356d4fb57e705

  • SHA1

    ebba9da5397ee72c10d87b1a307bf828b08b2c8f

  • SHA256

    f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b

  • SHA512

    4d9fe9f6f6d454e2c50820707cf5de133c2b5c84ec4945389a8529151dd5baa95da657c0de5f3588d35037a18e9e1417a3995f0ce22c5f6c0f1916c6cf1d025d

  • SSDEEP

    786432:w7QTm20juGqZXia4jHIbRXnomozy4k1zZB+YH90:wiAu7bRXoV2XF+YH90

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.exe
    "C:\Users\Admin\AppData\Local\Temp\f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Users\Admin\AppData\Local\Temp\is-L8JFD.tmp\f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-L8JFD.tmp\f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.tmp" /SL5="$400E2,28175153,776192,C:\Users\Admin\AppData\Local\Temp\f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-L8JFD.tmp\f45b008c2dc3a65788aeac2040a067bd1a6100a06f8855d741ed9c82b94b7c3b.tmp
    Filesize

    3.0MB

    MD5

    204644e80661ab38e4fde52bf5889811

    SHA1

    18c51c1efed1b39c3e0144d36771319436d76865

    SHA256

    50c82674ea25abb3e6e460d935847a2d7e8847c6ecf003b00f6674d3fbfe91ea

    SHA512

    dbfa37c1716a3cd573e4f7b7ef4dd3d3f91d8d7f3249de11f7be0d435cc399c5270297bc0a35ec7f204fe6a9577af1195de1200a2eb49275ee0d2b2a84f3d7ff

    Download Submit

  • memory/2216-9-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2216-11-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2532-0-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download

  • memory/2532-2-0x0000000000401000-0x00000000004A9000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2532-10-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download