Overview

overview

10

Static

static

10

c39e5e5773...fb.exe

windows7-x64

7

c39e5e5773...fb.exe

windows10-2004-x64

7

c3a61d282c...2f.exe

windows7-x64

7

c3a61d282c...2f.exe

windows10-2004-x64

7

c3aaa8d067...d1.exe

windows7-x64

10

c3aaa8d067...d1.exe

windows10-2004-x64

10

c40612db16...6d.exe

windows7-x64

10

c40612db16...6d.exe

windows10-2004-x64

10

c45000d072...99.exe

windows7-x64

10

c45000d072...99.exe

windows10-2004-x64

10

c4639b8ab9...97.exe

windows7-x64

10

c4639b8ab9...97.exe

windows10-2004-x64

10

c47cd91636...6d.exe

windows7-x64

1

c47cd91636...6d.exe

windows10-2004-x64

1

c486ed6acb...df.exe

windows7-x64

7

c486ed6acb...df.exe

windows10-2004-x64

7

c4b4c8152f...dc.exe

windows7-x64

10

c4b4c8152f...dc.exe

windows10-2004-x64

10

c4c197e502...e0.exe

windows7-x64

10

c4c197e502...e0.exe

windows10-2004-x64

10

c4ca622404...18.exe

windows7-x64

10

c4ca622404...18.exe

windows10-2004-x64

10

c50b533887...50.exe

windows7-x64

10

c50b533887...50.exe

windows10-2004-x64

10

c50b94cf52...6f.exe

windows7-x64

10

c50b94cf52...6f.exe

windows10-2004-x64

10

c520bfebf2...a2.exe

windows7-x64

8

c520bfebf2...a2.exe

windows10-2004-x64

10

c53059381a...48.exe

windows7-x64

10

c53059381a...48.exe

windows10-2004-x64

10

c59549cfc2...b8.exe

windows7-x64

1

c59549cfc2...b8.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3a61d282c9a5249427d1c50d79414b05441de100982cf90354b0466ec013e2f.exe

  • Size

    7.9MB

  • MD5

    f9ccfba03895eb7877510ace1bf59a71

  • SHA1

    87a165c002005a72324064922faf48c55ed809b6

  • SHA256

    c3a61d282c9a5249427d1c50d79414b05441de100982cf90354b0466ec013e2f

  • SHA512

    b61f17eb86b5d79e228100228f785703cc1582867b5be13b0ceda0bbe4329e2ccb31981365d0edd428e34c9db5f40bc5bc9faa54c52043f5c0983ae288ae8e47

  • SSDEEP

    196608:c9sGLbd7rEWWn87E3QeotSqrG8YqcIXcZZBy:cmqbhrEbn87eZsFmq+m

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3a61d282c9a5249427d1c50d79414b05441de100982cf90354b0466ec013e2f.exe
    "C:\Users\Admin\AppData\Local\Temp\c3a61d282c9a5249427d1c50d79414b05441de100982cf90354b0466ec013e2f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3648
    • C:\Users\Admin\AppData\Local\Temp\XcoDVEj.exe
      QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGMzYTYxZDI4MmM5YTUyNDk0MjdkMWM1MGQ3OTQxNGIwNTQ0MWRlMTAwOTgyY2Y5MDM1NGIwNDY2ZWMwMTNlMmYuZXhl 7
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\XcoDVEj.exe
    Filesize

    7.9MB

    MD5

    d3219bf74cc7722f335d6cf396c3fed5

    SHA1

    a100a34ddd71d0f17ab8447cefed6eaeef1dfda7

    SHA256

    1b8e6c8bef72e853c5f33ca09bbde34e7551496b1adf3d4387e2adf3b866ef10

    SHA512

    c856e6ce286bee4a4dd4311810ce3c700608ae0401dba5c8d5b58b0a9e2ca5420f0a21ac4c76e367671a4da365e009af789efe01118f61682722bbae613b684a

    Download Submit

  • memory/1864-19-0x000001E35AFC0000-0x000001E35AFF8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1864-20-0x000001E35AF30000-0x000001E35AF3E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1864-13-0x00007FFD63260000-0x00007FFD63D21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1864-30-0x00007FFD63260000-0x00007FFD63D21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1864-29-0x00007FFD63260000-0x00007FFD63D21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1864-14-0x000001E33E090000-0x000001E33F3A2000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/1864-15-0x00007FFD63260000-0x00007FFD63D21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1864-16-0x000001E35A760000-0x000001E35A768000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1864-25-0x000001E35F610000-0x000001E360096000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1864-17-0x000001E35A750000-0x000001E35A760000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1864-18-0x000001E35AF40000-0x000001E35AF48000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1864-27-0x000001E35F610000-0x000001E360096000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1864-23-0x000001E35F610000-0x000001E360096000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1864-24-0x00007FFD81830000-0x00007FFD81832000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3648-0-0x00007FFD63263000-0x00007FFD63265000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3648-2-0x00007FFD63260000-0x00007FFD63D21000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3648-1-0x0000026C09E30000-0x0000026C0B142000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/3648-12-0x00007FFD63260000-0x00007FFD63D21000-memory.dmp

    Filesize

    10.8MB

    Download