Analysis
max time kernel: 192s
max time network: 212s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-12-2023 15:56
Static task: static1
Behavioral task: behavioral1
Sample: 2b164e7165afddebc3a795016cef07f1.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2b164e7165afddebc3a795016cef07f1.exe
Resource: win10v2004-20231215-en
General
Target: 2b164e7165afddebc3a795016cef07f1.exe
Size: 1.5MB
MD5: 2b164e7165afddebc3a795016cef07f1
SHA1: 2b450a69aaf208fb2471998bfc85000407d11e2d
SHA256: a0e96247a16699f65bae32b9c5ed7bed1efae83f391988cd31a794ccb575c706
SHA512: d294a5e9460619a6997e1dcfc98e5abfd0941c4bb1e56e781d1b06b4e083ffded365829c31604bdc2620f67b6cb2cd77db0632ec5255512be2689d2f053d8938
SSDEEP: 49152:lrq0R07QQmgtdejDiuTuSrhBBtyGOJofSZ:hq0+7P3eH/rKGO2W
Malware Config
Signatures
Deletes itself (1 IoC)
pid 2300, process 6A1F.tmp
Executes dropped EXE (1 IoC)
pid 2300, process 6A1F.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
PID 1384 wrote to memory of 2300 (process 2b164e7165afddebc3a795016cef07f1.exe, procid_target 92)
PID 1384 wrote to memory of 2300 (process 2b164e7165afddebc3a795016cef07f1.exe, procid_target 92)
PID 1384 wrote to memory of 2300 (process 2b164e7165afddebc3a795016cef07f1.exe, procid_target 92)
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe"
Signatures: Suspicious use of WriteProcessMemory
PID: 1384
Level 2: C:\Users\Admin\AppData\Local\Temp\6A1F.tmp
Command line: "C:\Users\Admin\AppData\Local\Temp\6A1F.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe 0388DBEDA6FD18561A57E6A52B90F8690CE5538C00399D3413CEA0DE15C69A54EF490B99FCBF3F607368B941D3B4AC54025111E572C33D43F83A5E8E76A2C3AE
Signatures: Deletes itself; Executes dropped EXE
PID: 2300
-
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 140KB
MD5: 0e6bb442441d2a1084604b9bf2f945e4
SHA1: cab35982db12b6ae0d8b69ff2b74a175c9e9602b
SHA256: 881627f4c4e6c95681379df5fd802587c6d8f413d8d6e16ce27c7d59aeff3bbd
SHA512: cef179db5c433844fee27ff0b01661589598eb10d641692415bd9983b94982008575a177f46bf554c5c5640e1ab38b2e5e01a2e05e9f045df8e5ccbdf2f571c3
Filesize: 410KB
MD5: 2ce17c37326f9553d85cdcbb096927e0
SHA1: b8318dc87730184a2f29ab5398ada3cb59a31dd5
SHA256: bd3f730fd711df628f365dc5d6289207eb219adfac256aceaf0f1b74ec8b5d76
SHA512: 65375325a44da5282b16be860a095b53ebb8488fc5e89ce3825e9602f87f6528da9bc0fd91c703b1c77f7a4d62044d54a59e35873dcb3860ba8fc196ccc591db