Overview

overview

7

Static

static

3

218d60ef23...94.exe

windows7-x64

7

218d60ef23...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    218d60ef23d007dbbb18e4947ca4f294.exe

  • Size

    1000KB

  • MD5

    218d60ef23d007dbbb18e4947ca4f294

  • SHA1

    27c2a1c72e129f6e9cc14bc2094ed615115b9457

  • SHA256

    a56e4b0fc745d4fb271c54d5a6a7f6498e6250861775d2ec2e6bb939b4a68acf

  • SHA512

    cf9b0bc367b5bfb81b525161464be2bf7b8b5dbd5250e83b880355aff7e4ad31e4835fa6e186018df00fdef80c1612a6b272c0af0f33e6cbdaaccd182079ae5a

  • SSDEEP

    12288:IlQamVlU8J2ACPIKMWJbH+Twf9+lTxlcFmp00tECaBwQ2tb5JLrnylUPqt0gHDSS:LUC2A1W0E8lTx500G1B+5vMiqt0gj2ed

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\218d60ef23d007dbbb18e4947ca4f294.exe
    "C:\Users\Admin\AppData\Local\Temp\218d60ef23d007dbbb18e4947ca4f294.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\218d60ef23d007dbbb18e4947ca4f294.exe
      C:\Users\Admin\AppData\Local\Temp\218d60ef23d007dbbb18e4947ca4f294.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\218d60ef23d007dbbb18e4947ca4f294.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:3080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\218d60ef23d007dbbb18e4947ca4f294.exe
    Filesize

    1000KB

    MD5

    9421751a2c8260ef7af22c9aa14994ce

    SHA1

    a1d22994350f8f40a271d4aee60141adf2ebb3fd

    SHA256

    aa20dbe8aefd903e3c3b041975f448d7c17ea3ed979101462bec9d94d66ba49a

    SHA512

    d56e8588ac42a62aa375ea77e05776ee0d7579a9db6a73d794807597dbdd6b0d630d20e200fbaf4aea6e99cbe216ae317ba1856dc9adb53f4cc9d05257d9f09f

    Download Submit

  • memory/1604-13-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/1604-14-0x0000000001510000-0x0000000001593000-memory.dmp

    Filesize

    524KB

    Download

  • memory/1604-20-0x0000000004F70000-0x0000000004FEE000-memory.dmp

    Filesize

    504KB

    Download

  • memory/1604-21-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1604-27-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2548-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2548-1-0x0000000001510000-0x0000000001593000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2548-2-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2548-11-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download