54bbf05ae676ce3c3e96bf5e0fa5e8aa354750e5191e3d776f6503e786970414

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1563b9bc46c56d0e44324da3ced69bcb.exe
Size

84KB
MD5

1563b9bc46c56d0e44324da3ced69bcb
SHA1

42fddbdfc2b6da18ebf17601b5ac7f7fe4d0bec0
SHA256

54bbf05ae676ce3c3e96bf5e0fa5e8aa354750e5191e3d776f6503e786970414
SHA512

7dd212849af7304610a5caacc25787b9f600984212d407c0e23ce0df076735617db49f08517a018767d7f36cb4386bc8cc63b4f563992456d2893a6e8ea7fb91
SSDEEP

1536:Qr83hLy+pyvZLAW5MpY0CEiKB6GM7zSuv/OCpg90KX6aTk98jl:nu+p4ZdMpXCEiKwfS5Cpq0KXdTk98jl

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2436	1563b9bc46c56d0e44324da3ced69bcb.exe

Executes dropped EXE 1 IoCs

pid	Process
2436	1563b9bc46c56d0e44324da3ced69bcb.exe

Loads dropped DLL 1 IoCs

pid	Process
2140	1563b9bc46c56d0e44324da3ced69bcb.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2140	1563b9bc46c56d0e44324da3ced69bcb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2140	1563b9bc46c56d0e44324da3ced69bcb.exe
2436	1563b9bc46c56d0e44324da3ced69bcb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2436	2140	1563b9bc46c56d0e44324da3ced69bcb.exe	19
PID 2140 wrote to memory of 2436	2140	1563b9bc46c56d0e44324da3ced69bcb.exe	19
PID 2140 wrote to memory of 2436	2140	1563b9bc46c56d0e44324da3ced69bcb.exe	19
PID 2140 wrote to memory of 2436	2140	1563b9bc46c56d0e44324da3ced69bcb.exe	19

C:\Users\Admin\AppData\Local\Temp\1563b9bc46c56d0e44324da3ced69bcb.exe
"C:\Users\Admin\AppData\Local\Temp\1563b9bc46c56d0e44324da3ced69bcb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\1563b9bc46c56d0e44324da3ced69bcb.exe
  C:\Users\Admin\AppData\Local\Temp\1563b9bc46c56d0e44324da3ced69bcb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1563b9bc46c56d0e44324da3ced69bcb.exe

Filesize
45KB

MD5
1a88fbf46f50d9646efaf944caca69cf

SHA1
8aef6938fbdf69cdbb5ecd898777ce65a5c21074

SHA256
76a4b38a7ef62203a5a7c8c834f9497abbbccd2269465e31a84e71e507d1cc3e

SHA512
edde9838ec2f6baff4615e2f8b87c886348058125e891e52ef2874e21f8474ac96a34185e06ae57d35d1d404d7d3d321aa635e3fee7e0349c0506bb910eb4c54

Download Submit
\Users\Admin\AppData\Local\Temp\1563b9bc46c56d0e44324da3ced69bcb.exe

Filesize
84KB

MD5
767f5ebab08efe7722fec9e59e18fa9c

SHA1
2dd1d9f3ed8126de59771f7c54cecc1c73bd8ddf

SHA256
2c9783ed2a01ec2e8cf8f992db524bc310481dacab1f7931aa525c0c11bf3d5d

SHA512
e5f94a806787bb6d0586812f18ec4731788c5f8321ad7bffdda5ad9f584bbc43785cb86622115b3bbe02cfc3850eab5187aaba09f8747a8127c5032ee52d27b2

Download Submit
memory/2140-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2140-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2140-6-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2140-16-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2140-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2436-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2436-20-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2436-29-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/2436-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download