Analysis
-
max time kernel
184s -
max time network
191s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
25-12-2023 15:15
Static task
static1
Behavioral task
behavioral1
Sample
288b4c8aa99098de451ce15aaa1bed0f.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
288b4c8aa99098de451ce15aaa1bed0f.exe
Resource
win10v2004-20231215-en
General
-
Target
288b4c8aa99098de451ce15aaa1bed0f.exe
-
Size
84KB
-
MD5
288b4c8aa99098de451ce15aaa1bed0f
-
SHA1
13a367528fc9424698d826a8f746bb235a83f547
-
SHA256
2f454c8a69d96e0e1450d78e3409fdace8c8b8c6f702bcfb99cffd5b6305dbe6
-
SHA512
a99729860f4e877d227fdbd848276d3d0be0337ab88616dd2c64a187f777b27a5c39d543a08c9f4e86d0f90be34a5e8ac062e69dc4b9df8a0dfa36516a652860
-
SSDEEP
1536:NH1d81d774RKN7vvCXrUwPnlWfDcRecpz+H94/0qz6XjaJ8t2Rr26B3bkZDiEvxC:OnLCXr3GDc4c27xNt2dv3WDi4C
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2712 288b4c8aa99098de451ce15aaa1bed0f.exe -
Executes dropped EXE 1 IoCs
pid Process 2712 288b4c8aa99098de451ce15aaa1bed0f.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2748 288b4c8aa99098de451ce15aaa1bed0f.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2748 288b4c8aa99098de451ce15aaa1bed0f.exe 2712 288b4c8aa99098de451ce15aaa1bed0f.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 2748 wrote to memory of 2712 2748 288b4c8aa99098de451ce15aaa1bed0f.exe 91
PID 2748 wrote to memory of 2712 2748 288b4c8aa99098de451ce15aaa1bed0f.exe 91
PID 2748 wrote to memory of 2712 2748 288b4c8aa99098de451ce15aaa1bed0f.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe "C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2748 -
C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe C:\Users\Admin\AppData\Local\Temp\288b4c8aa99098de451ce15aaa1bed0f.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2712
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
84KB
MD5 23ee81fa59130aaf4fba0320d27ccdff
SHA1 2f4c91be48a1f105ad77e1b4bb32c79c736a625b
SHA256 ef7753861ae014ff8daf7775c4da1e66ba6863876301b28a743b4d4da1965ebc
SHA512 747feb3fa45bc930e69483e59260e4efa0e5d85d6f33fe2f7d66b3c32d0f02dd71b31ac0a086be33e8c2ad907a9a964cdd0b6de3b434adbe20c0c72c24aa7cc8