Analysis
max time kernel: 122s
max time network: 134s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24-12-2023 14:32
Static task: static1
Behavioral task: behavioral1
Sample: 011dfd81a2a12ace81deb58f85f64b3b.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 011dfd81a2a12ace81deb58f85f64b3b.exe
Resource: win10v2004-20231215-en
General
Target: 011dfd81a2a12ace81deb58f85f64b3b.exe
Size: 84KB
MD5: 011dfd81a2a12ace81deb58f85f64b3b
SHA1: ee2f298a615edfd41c6a1d34eabe97edeb1e5be5
SHA256: c172fa590cd1b6a1590f524559532bbc321761f0f5b60ff29c494c8615cea4f5
SHA512: a6a76de72a50e9d5de771aa78fd28ceeb3e8eede07480345cdddc26fb0eabcf88766f4a2e3357a6dc2071cf334a9b53d14e565703ade5ae6f964b6871e12e04f
SSDEEP: 1536:jv/KlOTueV9Ja7igWONGVT7/P+CP+LLs/nA/yUGmvKfp1Q8uA6IN0sut+jBBDzBK:T/KlOTr9Jae3lpz+fUnDzeGQ8VrJnzDs
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2396, process 011dfd81a2a12ace81deb58f85f64b3b.exe
- Executes dropped EXE (1 IoC)
  pid 2396, process 011dfd81a2a12ace81deb58f85f64b3b.exe
- Loads dropped DLL (1 IoC)
  pid 1232, process 011dfd81a2a12ace81deb58f85f64b3b.exe
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1232, process 011dfd81a2a12ace81deb58f85f64b3b.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1232, process 011dfd81a2a12ace81deb58f85f64b3b.exe
  pid 2396, process 011dfd81a2a12ace81deb58f85f64b3b.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1232 wrote to memory of 2396 | pid 1232 | process 011dfd81a2a12ace81deb58f85f64b3b.exe | procid_target 29
  description: PID 1232 wrote to memory of 2396 | pid 1232 | process 011dfd81a2a12ace81deb58f85f64b3b.exe | procid_target 29
  description: PID 1232 wrote to memory of 2396 | pid 1232 | process 011dfd81a2a12ace81deb58f85f64b3b.exe | procid_target 29
  description: PID 1232 wrote to memory of 2396 | pid 1232 | process 011dfd81a2a12ace81deb58f85f64b3b.exe | procid_target 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 1232
   2. C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\011dfd81a2a12ace81deb58f85f64b3b.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 2396
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 84KB
MD5: b02fe6eb88c5aec3e2b14450735ea6a3
SHA1: 63bc7f896b796311bd7ee004d5f376244868629b
SHA256: cf7d713c135454d4025f76e165a3ed24c4f2e080b2163967392fc813d8aa8b4f
SHA512: 9b67bfce99b49fde97a5e4113370e87c83f59a7415539d451e8bdaabaff2643fc1dc95e376169c8d58a19cfd30f900d764f21eddded805c62a0cbfbcd3a4e92e