d423a55af30e12d781bd503cd8d0a99f07481b3d00713729397587d6e11e85a1

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 19:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1cfba652a2d1c18b4152f58cdca69750_console.exe
Size

320KB
MD5

1cfba652a2d1c18b4152f58cdca69750
SHA1

248cb159fc8f5a5c661002d5dc482f6950b06c4f
SHA256

d423a55af30e12d781bd503cd8d0a99f07481b3d00713729397587d6e11e85a1
SHA512

f42ba902d33abfd1a8761c86e911dfdddcbe8a8f7e8185f0cc9205353018faf077a9f1dcfaca38f23b2c91e21891dc65f78b9e1c1a824485eda5b8692a2696d6
SSDEEP

6144:y5DfGVn5qemb50/WA0nCWEUrABmcG1B7qV40saiigCDN:hV5B+XA0n3ABmcG1BmVQ5zCDN

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1252	1cfba652a2d1c18b4152f58cdca69750_console.exe

Executes dropped EXE 1 IoCs

pid	Process
1252	1cfba652a2d1c18b4152f58cdca69750_console.exe

Loads dropped DLL 1 IoCs

pid	Process
2332	1cfba652a2d1c18b4152f58cdca69750_console.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	1cfba652a2d1c18b4152f58cdca69750_console.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1252	1cfba652a2d1c18b4152f58cdca69750_console.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1252	2332	1cfba652a2d1c18b4152f58cdca69750_console.exe	29
PID 2332 wrote to memory of 1252	2332	1cfba652a2d1c18b4152f58cdca69750_console.exe	29
PID 2332 wrote to memory of 1252	2332	1cfba652a2d1c18b4152f58cdca69750_console.exe	29
PID 2332 wrote to memory of 1252	2332	1cfba652a2d1c18b4152f58cdca69750_console.exe	29

C:\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe
"C:\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe
  C:\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe

Filesize
320KB

MD5
e399f7489b0e60878d4fac7ef47fd09c

SHA1
e882e51a12189d0a732ac55ddbd348c6052ab184

SHA256
aa1b384726cb6915b31fa4cb85777b7748cab707228da060ea8d870b5f28e646

SHA512
ba10b0f570e886bcb985234c830d4db30d1bbcd66ef0f55f2cf786e75761f03144785d4e4a960f2395de215fe2ae54aace9549205e3bcb0ef2f8777b9cd0cfca

Download Submit
C:\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe

Filesize
320KB

MD5
e399f7489b0e60878d4fac7ef47fd09c

SHA1
e882e51a12189d0a732ac55ddbd348c6052ab184

SHA256
aa1b384726cb6915b31fa4cb85777b7748cab707228da060ea8d870b5f28e646

SHA512
ba10b0f570e886bcb985234c830d4db30d1bbcd66ef0f55f2cf786e75761f03144785d4e4a960f2395de215fe2ae54aace9549205e3bcb0ef2f8777b9cd0cfca

Download Submit
\Users\Admin\AppData\Local\Temp\1cfba652a2d1c18b4152f58cdca69750_console.exe

Filesize
320KB

MD5
e399f7489b0e60878d4fac7ef47fd09c

SHA1
e882e51a12189d0a732ac55ddbd348c6052ab184

SHA256
aa1b384726cb6915b31fa4cb85777b7748cab707228da060ea8d870b5f28e646

SHA512
ba10b0f570e886bcb985234c830d4db30d1bbcd66ef0f55f2cf786e75761f03144785d4e4a960f2395de215fe2ae54aace9549205e3bcb0ef2f8777b9cd0cfca

Download Submit
memory/1252-9-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1252-11-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1252-12-0x0000000000170000-0x00000000001AF000-memory.dmp

Filesize
252KB

Download
memory/1252-17-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2332-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2332-10-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download