Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24-12-2023 17:44
Static task: static1
Behavioral task: behavioral1
  Sample: 0927a20cfdd95461edf8ace6e2920975.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0927a20cfdd95461edf8ace6e2920975.exe
  Resource: win10v2004-20231215-en
General
Target: 0927a20cfdd95461edf8ace6e2920975.exe
Size: 105KB
MD5: 0927a20cfdd95461edf8ace6e2920975
SHA1: 95dc3b72dcaeba882486c8480ee3bf9fcd6b184a
SHA256: 92ac14c4fa442f3cbb46e4df7fc3d3d7cc080534c9256fdcd1c3977ad4c6ce6e
SHA512: ce7f006d962d9b4e85e4da6de8e6017e15fb181c40edfb7352cd949ff5840e3c91d079a6b150e4a17500e4f9440e8876c7da7ccda79a283c8470bb0ad36cfaeb
SSDEEP: 1536:mct+aKxos5K/5ANSGqqQYzETJjlBaMdLJZqm++mt3s8MfiTt6DtW9YH:PtmvQhXjBXJ7VDqLVupW9i
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2252, process 0927a20cfdd95461edf8ace6e2920975.exe
- Executes dropped EXE (1 IoC)
  pid 2252, process 0927a20cfdd95461edf8ace6e2920975.exe
- Loads dropped DLL (1 IoC)
  pid 2104, process 0927a20cfdd95461edf8ace6e2920975.exe
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2104, process 0927a20cfdd95461edf8ace6e2920975.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2104, process 0927a20cfdd95461edf8ace6e2920975.exe
  pid 2252, process 0927a20cfdd95461edf8ace6e2920975.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2104 wrote to memory of 2252; process 0927a20cfdd95461edf8ace6e2920975.exe; procid_target 29
  PID 2104 wrote to memory of 2252; process 0927a20cfdd95461edf8ace6e2920975.exe; procid_target 29
  PID 2104 wrote to memory of 2252; process 0927a20cfdd95461edf8ace6e2920975.exe; procid_target 29
  PID 2104 wrote to memory of 2252; process 0927a20cfdd95461edf8ace6e2920975.exe; procid_target 29
Processes
C:\Users\Admin\AppData\Local\Temp\0927a20cfdd95461edf8ace6e2920975.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\0927a20cfdd95461edf8ace6e2920975.exe"
  PID: 2104
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\0927a20cfdd95461edf8ace6e2920975.exe (level 2, child of PID 2104)
    Command line: C:\Users\Admin\AppData\Local\Temp\0927a20cfdd95461edf8ace6e2920975.exe
    PID: 2252
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 105KB
MD5: 7e15acb7d252bd049c1aae778262c03c
SHA1: 4374441e737f710be8676d50d0ca5e2e61039118
SHA256: 82474b3d03f0148029335f59b2f4ccdeba8bab124e73e2edfc1676c34e870fe3
SHA512: 7ad429ca87b8ec97403421af1363551d9af147d1625677c1e60462bcebd9a70439c68291badd80def19c1caf005d6db0b0f44d67433e9a6a1a66102e8f4e9586