4057f3393fe9214d918def80fc3e568967560eb92470fdab02952011138b3b83

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

08c5437dac3f1fc02d1cee565906b874.exe
Size

82KB
MD5

08c5437dac3f1fc02d1cee565906b874
SHA1

c484c391c737e62b8a98a762f697866bffcad094
SHA256

4057f3393fe9214d918def80fc3e568967560eb92470fdab02952011138b3b83
SHA512

6a469490d570fc1aec2485fbdf07afa1ad234611225414b11e8376cb804b5e672d5f7ffdfccc1771223c2269e6f7a048e983b7df861c1f6202a424c32cb1960d
SSDEEP

1536:z4hKwCIhIeLiOoz8Q9PL/X6FarWiTg1n0muGiC1J4DXic:z4S3ePoz8ULLrWiTmODXZ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1580	08c5437dac3f1fc02d1cee565906b874.exe

Executes dropped EXE 1 IoCs

pid	Process
1580	08c5437dac3f1fc02d1cee565906b874.exe

Loads dropped DLL 1 IoCs

pid	Process
2340	08c5437dac3f1fc02d1cee565906b874.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2340	08c5437dac3f1fc02d1cee565906b874.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2340	08c5437dac3f1fc02d1cee565906b874.exe
1580	08c5437dac3f1fc02d1cee565906b874.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1580	2340	08c5437dac3f1fc02d1cee565906b874.exe	23
PID 2340 wrote to memory of 1580	2340	08c5437dac3f1fc02d1cee565906b874.exe	23
PID 2340 wrote to memory of 1580	2340	08c5437dac3f1fc02d1cee565906b874.exe	23
PID 2340 wrote to memory of 1580	2340	08c5437dac3f1fc02d1cee565906b874.exe	23

C:\Users\Admin\AppData\Local\Temp\08c5437dac3f1fc02d1cee565906b874.exe
"C:\Users\Admin\AppData\Local\Temp\08c5437dac3f1fc02d1cee565906b874.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\08c5437dac3f1fc02d1cee565906b874.exe
  C:\Users\Admin\AppData\Local\Temp\08c5437dac3f1fc02d1cee565906b874.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\08c5437dac3f1fc02d1cee565906b874.exe

Filesize
39KB

MD5
1197809e766c68c93ed9cfe2ddbd2df7

SHA1
899b8cb3bf8320e5cf3e2548ef1969a1d8fc7195

SHA256
ab7ad667230661b7f87b1ffb76ea3260791c48e1e4522abde63c8c6e1aa300de

SHA512
46b4536b81fe8342816212046a715aa27c58bc324f47c6b1e8ff8ce568f08602eb31763e3866a68c5bf84edc6487a2b2dbd1eee46b5429df74e977430ee41da7

Download Submit
\Users\Admin\AppData\Local\Temp\08c5437dac3f1fc02d1cee565906b874.exe

Filesize
82KB

MD5
03c9de269d501186d7073c5ad33de062

SHA1
eeb29ffcf87456630862f4bde1bd4cf6885dbecf

SHA256
e9393ea3778330ec45034a39c14f88075311bb10a3d2a5487c67fab7f8e34a75

SHA512
befd91969419952726da11b0692777c7f208bbfb5dad15cf5c99292f75d1207f7d38140157e1a45fb3e050a1b1e5deabc5b59e7c4290d8fd86019bc5af092014

Download Submit
memory/1580-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1580-19-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/1580-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1580-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/2340-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2340-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2340-1-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2340-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download