0c9da9c985f624bfdaf924b2145c6d1b1d651e133edc56ef9d81a5f726405a8c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59f8cc8ef084748175a06c24d5fefeb7.exe
Size

169KB
MD5

59f8cc8ef084748175a06c24d5fefeb7
SHA1

5a01df05af9056eb9546e1c9ed5a419ae844cb4d
SHA256

0c9da9c985f624bfdaf924b2145c6d1b1d651e133edc56ef9d81a5f726405a8c
SHA512

ea0256d09b509a2b7411348f8b257d8b9f22ef6f2590269de77e365a31483490e6f793cd143a20fd3a5ae0f53cf9565b881fc31eff76e57e78d4ae38f4b04ae8
SSDEEP

3072:TDSKCizs4AV1zH5fVN4WtKgSgK4JZX+F2M46X6t1e75bCyZ94hi1ffHef0ZgUKR9:TDSLzPzH5X4KKG7X+F2gX975jUEeseUa

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2212	59f8cc8ef084748175a06c24d5fefeb7.exe

Executes dropped EXE 1 IoCs

pid	Process
2212	59f8cc8ef084748175a06c24d5fefeb7.exe

Loads dropped DLL 1 IoCs

pid	Process
1836	59f8cc8ef084748175a06c24d5fefeb7.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1836	59f8cc8ef084748175a06c24d5fefeb7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1836	59f8cc8ef084748175a06c24d5fefeb7.exe
2212	59f8cc8ef084748175a06c24d5fefeb7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2212	1836	59f8cc8ef084748175a06c24d5fefeb7.exe	16
PID 1836 wrote to memory of 2212	1836	59f8cc8ef084748175a06c24d5fefeb7.exe	16
PID 1836 wrote to memory of 2212	1836	59f8cc8ef084748175a06c24d5fefeb7.exe	16
PID 1836 wrote to memory of 2212	1836	59f8cc8ef084748175a06c24d5fefeb7.exe	16

C:\Users\Admin\AppData\Local\Temp\59f8cc8ef084748175a06c24d5fefeb7.exe
C:\Users\Admin\AppData\Local\Temp\59f8cc8ef084748175a06c24d5fefeb7.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2212

C:\Users\Admin\AppData\Local\Temp\59f8cc8ef084748175a06c24d5fefeb7.exe
"C:\Users\Admin\AppData\Local\Temp\59f8cc8ef084748175a06c24d5fefeb7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\59f8cc8ef084748175a06c24d5fefeb7.exe

Filesize
93KB

MD5
a9d13bacbcb3925f7d0f4fd852030fc0

SHA1
a5fd270e85efca02bae1ee915aa52ebc4177f050

SHA256
f89cc63019bcf1af269db50ed366acfc89dec75599d008f00082a40900fb18f0

SHA512
d9f4bce9d2af74c55530d6c5c9e419a9b64889fc92303712363ab7888bc86c5443dfbda3c239878f08b66ec1daaa54d8ea64d2111fce01245daa3fc5f253c0c3

Download Submit
\Users\Admin\AppData\Local\Temp\59f8cc8ef084748175a06c24d5fefeb7.exe

Filesize
169KB

MD5
fc261fe87e72b7e3cc5720d79aec29fa

SHA1
e1cf0ff4caea875aa74a6f4008600bd3b8c2642f

SHA256
100f0e4209b15119b0b4b0165e0c116ce797a42427038142d741cdd954a262c7

SHA512
4ac2551069325ac4509bb34890d0dfb639fd313b434749de44d9e1658fa1411b832b66238c4eed49c4e64d22e1ce535b16bdfb84ec9f84bb79ba80f3d9b06395

Download Submit
memory/1836-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1836-16-0x0000000000210000-0x000000000023F000-memory.dmp

Filesize
188KB

Download
memory/1836-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1836-9-0x00000000001D0000-0x00000000001FF000-memory.dmp

Filesize
188KB

Download
memory/1836-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2212-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2212-29-0x0000000000220000-0x000000000023B000-memory.dmp

Filesize
108KB

Download
memory/2212-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2212-20-0x00000000001C0000-0x00000000001EF000-memory.dmp

Filesize
188KB

Download