Analysis

- max time kernel: 117s
- max time network: 135s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/12/2023, 13:25
Behavioral task: behavioral1
- Sample: a20178f963069aa52050dcfe24bb95d7.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: a20178f963069aa52050dcfe24bb95d7.exe
- Resource: win10v2004-20231215-en
General

- Target: a20178f963069aa52050dcfe24bb95d7.exe
- Size: 10.6MB
- MD5: a20178f963069aa52050dcfe24bb95d7
- SHA1: b151631e7109044faf4d566a2d7aaf7feeec4ba1
- SHA256: 39be35a600befb79eaeabbe889acd36fd6335c8a4be98acee7b4de996235c354
- SHA512: 58327dd1f9fc908584e9d4be5aa7880aa24234f494c9e987ee4727d72991d79d9ddbdd17b43bc1d504225443137e7eabd30fa9106910b78bcaf1ce691cfbf849
- SSDEEP: 196608:OrZGsO1cHo2gdw1xHo2gd1J0MAckNHo2gdw1xHo2gdD:OrpW2bc2M0Wkm2bc2M
Malware Config
Signatures

- Deletes itself (1 IoC)
  pid 2076, Process a20178f963069aa52050dcfe24bb95d7.exe
- Executes dropped EXE (1 IoC)
  pid 2076, Process a20178f963069aa52050dcfe24bb95d7.exe
- Loads dropped DLL (1 IoC)
  pid 2672, Process a20178f963069aa52050dcfe24bb95d7.exe
- yara_rule matches
  resource | yara_rule
  behavioral1/memory/2672-0-0x0000000000400000-0x00000000008E7000-memory.dmp | upx
  behavioral1/files/0x0008000000012287-10.dat | upx
  behavioral1/files/0x0008000000012287-14.dat | upx
  behavioral1/memory/2076-16-0x0000000000400000-0x00000000008E7000-memory.dmp | upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2672, Process a20178f963069aa52050dcfe24bb95d7.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2672, Process a20178f963069aa52050dcfe24bb95d7.exe
  pid 2076, Process a20178f963069aa52050dcfe24bb95d7.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2672 wrote to memory of 2076 | 2672 | a20178f963069aa52050dcfe24bb95d7.exe | 28
  PID 2672 wrote to memory of 2076 | 2672 | a20178f963069aa52050dcfe24bb95d7.exe | 28
  PID 2672 wrote to memory of 2076 | 2672 | a20178f963069aa52050dcfe24bb95d7.exe | 28
  PID 2672 wrote to memory of 2076 | 2672 | a20178f963069aa52050dcfe24bb95d7.exe | 28
Processes

- C:\Users\Admin\AppData\Local\Temp\a20178f963069aa52050dcfe24bb95d7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a20178f963069aa52050dcfe24bb95d7.exe"
  PID: 2672
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\a20178f963069aa52050dcfe24bb95d7.exe (child of PID 2672)
    Command line: C:\Users\Admin\AppData\Local\Temp\a20178f963069aa52050dcfe24bb95d7.exe
    PID: 2076
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 103KB
  MD5: 4f9e78168f614931d94634c37cf990c8
  SHA1: 23e3c6045b16359ae91c02fce93a02a45899b39a
  SHA256: 15a9840ff7ed4a21df939dc747a9f336de5658996eabe4a93f608b2382c5f771
  SHA512: e18be3673aad79f5ea8096638ecd5ea28466e61bd24f41fe10c5677abcb6bf64e51b007813f5356158eab3d847dac44ccff617c42806c66b10174f92e38872e0