Analysis
-
max time kernel
29s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
20/10/2022, 02:30
Static task
static1
Behavioral task
behavioral1
Sample
f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
Resource
win10v2004-20220812-en
General
-
Target
f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
-
Size
232KB
-
MD5
750cbeabaac3272c19b12dc8a99750c7
-
SHA1
15d806790df8055dfc363e5dd70015db04ea9b45
-
SHA256
f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd
-
SHA512
4e4171705d2a9a35e8aa6afc185a97da21b3c671a86e854d1fddfcaa6230f9c3320472bc132d384ee09e9e98d7880284b15e36f562a3f659037c9a330697ef4e
-
SSDEEP
6144:arPZaPoYNkGAYnm149RQC0W7cyqCxSngmV:KlYpAYm149RQo0npV
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1560 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe -
Deletes itself 1 IoCs
pid Process 1560 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe -
Loads dropped DLL 1 IoCs
pid Process 904 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 904 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 1560 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 904 wrote to memory of 1560 904 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe 27
PID 904 wrote to memory of 1560 904 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe 27
PID 904 wrote to memory of 1560 904 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe 27
PID 904 wrote to memory of 1560 904 f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe "C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:904 -
C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe 2⤵
- Executes dropped EXE
- Deletes itself
- Suspicious use of UnmapMainImage
PID:1560
-
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
Filesize 232KB
MD5 02b0f22a472d92af74c260fe3e301dbe
SHA1 9117a6a25acf75da1488237cf4f992c5c0fa23ad
SHA256 82d068d511035cbaf2d4203928b5bcc3482bc1a1dfe510e2254c83d603827b7e
SHA512 6f00b1b61370a8a73925c398fbd61ffe586075a973d6f5c2f421134fc6b0b165ae51e30afe6343b5b588c77bfd57cacec1689ce56f7b8b1802b5b082b460e977
-
\Users\Admin\AppData\Local\Temp\f6eb4f516ae2057b0239502050307c9c30058c0790c91737f8e823663d3460bd.exe
Filesize 232KB
MD5 02b0f22a472d92af74c260fe3e301dbe
SHA1 9117a6a25acf75da1488237cf4f992c5c0fa23ad
SHA256 82d068d511035cbaf2d4203928b5bcc3482bc1a1dfe510e2254c83d603827b7e
SHA512 6f00b1b61370a8a73925c398fbd61ffe586075a973d6f5c2f421134fc6b0b165ae51e30afe6343b5b588c77bfd57cacec1689ce56f7b8b1802b5b082b460e977