Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2023 14:44
Static task: static1
Behavioral task: behavioral1
  Sample: c96a3626b2f444249013d7744c2db1cb.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: c96a3626b2f444249013d7744c2db1cb.exe
  Resource: win10v2004-20231215-en
General
Target: c96a3626b2f444249013d7744c2db1cb.exe
Size: 1.9MB
MD5: c96a3626b2f444249013d7744c2db1cb
SHA1: 617c32d55c4913e55997e605e69bfd27a87e9443
SHA256: c14e4a16c81c21c2577d33d0d0ad748dfafa52ae1c619dff2da1566cab923142
SHA512: 6d9e1aaaaf1f330aee3978f4a83d4cb208b262183af1fc5aa9c1b23ec35904eb15ead31ec3a278d4b5370262d35e801e02b6f20b8a2ed7a604050019696dda57
SSDEEP: 49152:Qoa1taC070daZMSyE93VhPhhUiActKI8q:Qoa1taC0NZMvE9taiAcYI8q
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  400   6567.tmp
Executes dropped EXE (1 IoCs)
  pid   Process
  400   6567.tmp
Loads dropped DLL (1 IoCs)
  pid   Process
  3000  c96a3626b2f444249013d7744c2db1cb.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 3000 wrote to memory of 400   3000  c96a3626b2f444249013d7744c2db1cb.exe  28
  PID 3000 wrote to memory of 400   3000  c96a3626b2f444249013d7744c2db1cb.exe  28
  PID 3000 wrote to memory of 400   3000  c96a3626b2f444249013d7744c2db1cb.exe  28
  PID 3000 wrote to memory of 400   3000  c96a3626b2f444249013d7744c2db1cb.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe"
   PID: 3000
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\6567.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\6567.tmp" --splash C:\Users\Admin\AppData\Local\Temp\c96a3626b2f444249013d7744c2db1cb.exe 96AE55C9AA04F559B9ECF38FD5CE32F3FCE8A5E30F8AB7ADE17E03DBFF3038C47B4CFFE4E1BB6E54E34B899E7C7974A4008C5707AFCB5DB15C6FC043FF3A200A
      PID: 400
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 110KB
MD5: d80ff4a760b29e61af452221ce3b2e7b
SHA1: ca529ea8dd00099ee28dd5e189693ef88c4c621f
SHA256: d696467fc7f21d48b496ca07ccce56886c98ec70853194b39c924f91a9bda547
SHA512: 59dec8c6d466fb70560532e93ecbda15eb4d6ae797a52fa4aa9345d556bfd11f880e5786984f1ed9b64dc9112227e9652e2a0515608eb9799d74e4388a53853d

Filesize: 262KB
MD5: 5eef5b6b9ecc4314a865ad8ecb88c7f3
SHA1: 271ad25e2bc2de1eb0e69ced7ad16ac96657a584
SHA256: 141f2b9c19f2006e5511137253e8ab3b671d78565b97664544a9cc5bec526506
SHA512: 18c25a65a978b56757e081bd5ef36ebc91d0453944bc72af3c9ecc8d953063ef9973bb01e104abe56b1e777aa0fa4f92bf5f71097f5932a3182b29de04ccbdb9