Analysis
- max time kernel: 122s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/12/2023, 16:14
Behavioral task: behavioral1
- Sample: ec2cd68c39b0f801d3d4567410735720.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: ec2cd68c39b0f801d3d4567410735720.exe
- Resource: win10v2004-20231215-en
General
- Target: ec2cd68c39b0f801d3d4567410735720.exe
- Size: 1.3MB
- MD5: ec2cd68c39b0f801d3d4567410735720
- SHA1: f6d452e3df0a70bdbd85e082d32a0b6b6fbf10c1
- SHA256: c048541bc9b490e97d68b40e4f5c7e7b3d14213875b05ee397cdf767beb49ba5
- SHA512: 0e8daa92b63446210d75323d4db823198f631ab35a6452dfa38abe5dee2bce11f3cd63c76bcaa331d19ea3269ba3288955e981bbcf7f1648a2f32258249b01bd
- SSDEEP: 24576:K4hJ0gAeWkpQG2WwvE0T3p+DRFN41o5iWq7wTLh2AxSvuxNa2fU9/9Us:K4hJ0g/jj2WeE43ps80dqJAcvXR9j
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid  | Process
  2276 | ec2cd68c39b0f801d3d4567410735720.exe
- Executes dropped EXE (1 IoCs)
  pid  | Process
  2276 | ec2cd68c39b0f801d3d4567410735720.exe
- Loads dropped DLL (1 IoCs)
  pid  | Process
  1348 | ec2cd68c39b0f801d3d4567410735720.exe
- YARA matches
  resource                                                                  | yara_rule
  behavioral1/memory/1348-0-0x0000000000400000-0x00000000008E7000-memory.dmp | upx
  behavioral1/files/0x0008000000012284-10.dat                                | upx
  behavioral1/files/0x0008000000012284-14.dat                                | upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid  | Process
  1348 | ec2cd68c39b0f801d3d4567410735720.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid  | Process
  1348 | ec2cd68c39b0f801d3d4567410735720.exe
  2276 | ec2cd68c39b0f801d3d4567410735720.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      | pid  | Process                              | procid_target
  PID 1348 wrote to memory of 2276 | 1348 | ec2cd68c39b0f801d3d4567410735720.exe | 27
  PID 1348 wrote to memory of 2276 | 1348 | ec2cd68c39b0f801d3d4567410735720.exe | 27
  PID 1348 wrote to memory of 2276 | 1348 | ec2cd68c39b0f801d3d4567410735720.exe | 27
  PID 1348 wrote to memory of 2276 | 1348 | ec2cd68c39b0f801d3d4567410735720.exe | 27
Processes
- C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe"
  PID: 1348
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe
    PID: 2276
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 570KB
  MD5: 9d83c1316421f686b01b1b43ac25363a
  SHA1: dcac7b2ff15d37cb5227f0889d9b3d57b8ed55fc
  SHA256: 3a22107ffd132b6c912e994b45cb2a6ec5c949a99ccf49720daaf13700db2a00
  SHA512: a46eeca4db54462379d0a2737aa5c63b4347621c69f30689cce265a6c4fd2c0af34231a7780be0fe4df418658a6bd9d571a3f3e0c7decf139820695a90aa6abf
- Filesize: 45KB
  MD5: a06380d4111b78ef505f69444bb5fe8f
  SHA1: 1e61901f38aa34b1a6d4ee6444043ad371c59895
  SHA256: 8ef8f170fc69c5dd345717b919b26673a0b85782a25477313a03e8aa5c9c670c
  SHA512: 555c2f2507f5f907af96a7285fe87341f8d439d12216e1ad3d03e6164a473fb586cc3d29eb920a613f6b1f622453a6eaba439a844d320e44cba2231440a3b0d5