Overview

overview

7

Static

static

1

5dc9237f8f...ac.exe

windows7-x64

7

5dc9237f8f...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 15:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.exe

  • Size

    6.5MB

  • MD5

    b7843358b89b468731b6da637100a639

  • SHA1

    1941cd27aed1296cb3a549712967f6f8b5a23238

  • SHA256

    5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac

  • SHA512

    a38cdda38001d9c28306f022b1f3c07d13e0d108f30de645099fa6ba2512ed1279ba6d1ea7cb55eab3cefdec9c11cf45d8d45e521357861808bd8a4d335c0007

  • SSDEEP

    98304:6SiRxhRkehvxxdcVdCHTY5yed8Z7R2U74erTI7t5hC+E+GQDeDnx30ro887kOws:CvRDVhcHCmTdqN27erEdQ+1W30E5J9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.exe
    "C:\Users\Admin\AppData\Local\Temp\5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Users\Admin\AppData\Local\Temp\is-RBQSV.tmp\5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-RBQSV.tmp\5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.tmp" /SL5="$50228,5845154,810496,C:\Users\Admin\AppData\Local\Temp\5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.exe"
      2⤵
      • Executes dropped EXE
      PID:3456

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-RBQSV.tmp\5dc9237f8f3d1088d02ccdc24098d7baf7b3c9e5decafb30632fa1183af174ac.tmp
          Filesize

          3.0MB

          MD5

          b244d6e17ec10cec9c9547b4b1093dbc

          SHA1

          e6ef9243e22c9033a4d62ded3f2e1e87ea564153

          SHA256

          644e60298d0625584b9a9af24f1b02d571dfafd49b6bc7f919f70f185455e8e4

          SHA512

          aded34ef09dd2974819416f63d84cfa0792915ebf0d2caa80b0e311aff10b8de0107b239dac7e4e2013cc18ad3dbf56f364e121a9774b7bfeec9b0cb5f0f1f19

          Download Submit

        • memory/3456-6-0x0000000000400000-0x000000000070D000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3456-9-0x0000000000400000-0x000000000070D000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3816-1-0x0000000000400000-0x00000000004D3000-memory.dmp

          Filesize

          844KB

          Download

        • memory/3816-2-0x0000000000401000-0x00000000004B7000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3816-8-0x0000000000400000-0x00000000004D3000-memory.dmp

          Filesize

          844KB

          Download