Overview

overview

7

Static

static

3

0a0dc9fe4d...0N.exe

windows7-x64

7

0a0dc9fe4d...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a0dc9fe4df917ef3650107560f19140N.exe

  • Size

    7.8MB

  • MD5

    0a0dc9fe4df917ef3650107560f19140

  • SHA1

    6e1878922b560b7edfbb0a749243edf552d703f0

  • SHA256

    59c87f3afd3415ccde2c3641dbcd85985f477d8429811d1ad6d7cd6575256b9e

  • SHA512

    726310d64819d903ec397d7b6e5271814d487c8291d645780a620be9ce87527e894907cc491b7c0ecb5ee9b40aeb432598896c860bcc1c1cffd0208d631fbe24

  • SSDEEP

    98304:emhd1Uryeq4v0cHzomyQDcd+iuV7wQqZUha5jtSyZIUb:elKe0cT3yQAdu2QbaZtli

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a0dc9fe4df917ef3650107560f19140N.exe
    "C:\Users\Admin\AppData\Local\Temp\0a0dc9fe4df917ef3650107560f19140N.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Users\Admin\AppData\Local\Temp\9FAB.tmp
      "C:\Users\Admin\AppData\Local\Temp\9FAB.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0a0dc9fe4df917ef3650107560f19140N.exe B9098951C7AE60251E248AD30C11EB8475EF949914D155838546CF405C444C28E3132FD0D8F9AEE96CE537EE93EA0452CA488BABC048ED820C1836ED9500A915
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9FAB.tmp
    Filesize

    7.8MB

    MD5

    f3d86890711e38c90b325a2d43a90ccd

    SHA1

    4f2cc299ae04bbb86f987440b7f3c7bb572337b7

    SHA256

    b703308a351049448f1962129bd7c679fd02118b7f98afc17f31b1d38b771d4a

    SHA512

    058477906e0d3b77371dc40f5aa19bdab00bf40ea2685207832bda1851874e17f4b9352cf4e04f71ffd495e4a5fcffc686c4ac8edbcf0f36606afc8eb54b5a28

    Download Submit

  • memory/220-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/740-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download