Overview

overview

7

Static

static

3

245f5fed0c...0N.exe

windows7-x64

7

245f5fed0c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22-07-2024 22:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    245f5fed0cede37fba16c284a13011b0N.exe

  • Size

    203KB

  • MD5

    245f5fed0cede37fba16c284a13011b0

  • SHA1

    b1bf02ca78ec6d3e4f404fae15534594ac6fb8da

  • SHA256

    181039fc7317aab1e88c6fba9dd09af486914fb934c85dbb4409f6c5627a7213

  • SHA512

    4e1e2c2e45bb30e45b2e383c861bfd7bf441ed37e7c4f1b9d16cd2d9f5f8e3dfd1047ffc8faa4e4cc117f26fd0966d10bc83e0753b7a533aa6836774a082e9c1

  • SSDEEP

    6144:0dlPOMcRvqbjCBwnKQvyaPhNDH12888xSWG1B78:0dlHglwnKgycNb1k8xRG1BA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:292
    • C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
      C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
    Filesize

    203KB

    MD5

    2387c1f157ebf4c45f59be6a5f8fa1fb

    SHA1

    5c2ac4b9f9b417f0e841b550ce36dfd336ad32b1

    SHA256

    dc6e0d2ede1f595be5e12fc813e99fe4a40d359633fa0875e081d301e32d8b07

    SHA512

    b2842b0d2f36d975447aea17fd47386a26ce769d6124af34f0382cee153e1d170a04687e7486f8e89004cc07989d1a253318694c3570dd70f99740efb14ea31e

    Download Submit

  • memory/292-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/292-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/292-9-0x0000000000230000-0x000000000026F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2884-11-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2884-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2884-17-0x0000000000210000-0x000000000024F000-memory.dmp

    Filesize

    252KB

    Download