Overview

overview

10

Static

static

10

fe25de503f...5a.exe

windows7-x64

10

fe25de503f...5a.exe

windows10-2004-x64

10

fe282eaa90...45.exe

windows7-x64

10

fe282eaa90...45.exe

windows10-2004-x64

10

fe402f76d3...4d.exe

windows7-x64

10

fe402f76d3...4d.exe

windows10-2004-x64

10

fe55574c53...c0.exe

windows7-x64

1

fe55574c53...c0.exe

windows10-2004-x64

5

fe8a65a43d...3f.exe

windows7-x64

7

fe8a65a43d...3f.exe

windows10-2004-x64

7

fe99ddfdfc...6c.exe

windows7-x64

10

fe99ddfdfc...6c.exe

windows10-2004-x64

10

feb2c82a66...50.exe

windows7-x64

10

feb2c82a66...50.exe

windows10-2004-x64

10

fef2b831e5...91.exe

windows7-x64

8

fef2b831e5...91.exe

windows10-2004-x64

8

ff03c0c01a...cd.exe

windows7-x64

7

ff03c0c01a...cd.exe

windows10-2004-x64

10

ff1699c2d9...5a.exe

windows7-x64

10

ff1699c2d9...5a.exe

windows10-2004-x64

10

ff573ccb26...dd.exe

windows7-x64

10

ff573ccb26...dd.exe

windows10-2004-x64

10

ff5eef1816...3f.exe

windows7-x64

10

ff5eef1816...3f.exe

windows10-2004-x64

10

ff9b69031d...c2.exe

windows7-x64

10

ff9b69031d...c2.exe

windows10-2004-x64

10

ffc0421dee...0b.exe

windows7-x64

10

ffc0421dee...0b.exe

windows10-2004-x64

7

ffc45f2c58...73.exe

windows7-x64

10

ffc45f2c58...73.exe

windows10-2004-x64

10

fffa7ee6ec...91.exe

windows7-x64

10

fffa7ee6ec...91.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe8a65a43dcdd12c0341ab7e5cc56c3f.exe

  • Size

    7.9MB

  • MD5

    fe8a65a43dcdd12c0341ab7e5cc56c3f

  • SHA1

    237ef3713a9ac7680f4f8ffc8c91c75b23f44b70

  • SHA256

    ffb47a00036b3d8580bd9cb61aed80d3658598bf0fc8a96dc8d81f04980a8f65

  • SHA512

    9032a4015ff5d172e26be7f91e6d11f33032784f48fd5f8d51a4d2a8b2a79c634f2efd081ea448728e14dad338f2f76a57a87bb35e22de5fdc04b9ad0eb01c3e

  • SSDEEP

    196608:J9sGLbd7rEWWn87E3QeotSqrG8YqcIXcZZB9:JmqbhrEbn87eZsFmq+J

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe8a65a43dcdd12c0341ab7e5cc56c3f.exe
    "C:\Users\Admin\AppData\Local\Temp\fe8a65a43dcdd12c0341ab7e5cc56c3f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Users\Admin\AppData\Local\Temp\0hIAW.exe
      QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGZlOGE2NWE0M2RjZGQxMmMwMzQxYWI3ZTVjYzU2YzNmLmV4ZQ== 27
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0hIAW.exe
    Filesize

    7.9MB

    MD5

    f585c07c96b57b44f798b85291174b2e

    SHA1

    a39bb0265edfdb9b1c67b9c223e9512b399c022f

    SHA256

    5a4fa8b1c27f7456a6e50460a176f866dfb5d219c0360c2ccaa893151a684e6a

    SHA512

    67c50687651c95c48a704b08af0cb67d6eedc846e64d2ce8d9f243ee2eeb2586ff81d9f5fffc099148cb1a52d49e9c39694b4eaa3c518b5c16716a4de1473307

    Download Submit

  • memory/1532-0-0x00007FFAD8673000-0x00007FFAD8675000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1532-1-0x00000264E9880000-0x00000264EAB92000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/1532-2-0x00007FFAD8670000-0x00007FFAD9131000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1532-12-0x00007FFAD8670000-0x00007FFAD9131000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1540-18-0x00000275E6C90000-0x00000275E6C98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1540-20-0x00000275E6CE0000-0x00000275E6CEE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1540-15-0x00007FFAD8670000-0x00007FFAD9131000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1540-16-0x00000275CC4D0000-0x00000275CC4D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1540-17-0x00000275CC4C0000-0x00000275CC4D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1540-13-0x00007FFAD8670000-0x00007FFAD9131000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1540-19-0x00000275E6D10000-0x00000275E6D48000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1540-14-0x00000275C9550000-0x00000275CA862000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/1540-23-0x00000275EB440000-0x00000275EBEC6000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1540-24-0x00007FFAF6E50000-0x00007FFAF6E52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1540-25-0x00000275EB440000-0x00000275EBEC6000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1540-28-0x00000275EB440000-0x00000275EBEC6000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1540-27-0x00000275EB440000-0x00000275EBEC6000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/1540-30-0x00007FFAD8670000-0x00007FFAD9131000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1540-31-0x00007FFAD8670000-0x00007FFAD9131000-memory.dmp

    Filesize

    10.8MB

    Download