Analysis
-
max time kernel
138s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
26-12-2023 17:10
Static task
static1
Behavioral task
behavioral1
Sample
7f52921b0a7cdd10a4d811f07e695c7d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7f52921b0a7cdd10a4d811f07e695c7d.exe
Resource
win10v2004-20231215-en
General
-
Target
7f52921b0a7cdd10a4d811f07e695c7d.exe
-
Size
82KB
-
MD5
7f52921b0a7cdd10a4d811f07e695c7d
-
SHA1
3e83472ff03971d36d4cb1d5ccb4479df4c52658
-
SHA256
390bec993b16d74285ebd07fb2d0d71967488621610b9cdb3a68840533912305
-
SHA512
f7cb88693bbd8db3b65b90bd1d15bb29d97f2fea3f45153c0e66dfdd0526366b59824d178fdc9cc88ee216cd623ebf7f652a541c42c0aa67db31428a8239eed9
-
SSDEEP
1536:8bKBccg3K5GGmMxUv6WDPP/fCLkIdjCcbSuhpU+0ZNC1pV0tIVwOf6OiGKZgh:8G5GGm8Uv6WDPP/fCLkI3+uhpURNoceV
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3256 7f52921b0a7cdd10a4d811f07e695c7d.exe -
Executes dropped EXE 1 IoCs
pid Process 3256 7f52921b0a7cdd10a4d811f07e695c7d.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1484 7f52921b0a7cdd10a4d811f07e695c7d.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
1484 7f52921b0a7cdd10a4d811f07e695c7d.exe
3256 7f52921b0a7cdd10a4d811f07e695c7d.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 1484 wrote to memory of 3256 1484 7f52921b0a7cdd10a4d811f07e695c7d.exe 91
PID 1484 wrote to memory of 3256 1484 7f52921b0a7cdd10a4d811f07e695c7d.exe 91
PID 1484 wrote to memory of 3256 1484 7f52921b0a7cdd10a4d811f07e695c7d.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f52921b0a7cdd10a4d811f07e695c7d.exe "C:\Users\Admin\AppData\Local\Temp\7f52921b0a7cdd10a4d811f07e695c7d.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1484 -
C:\Users\Admin\AppData\Local\Temp\7f52921b0a7cdd10a4d811f07e695c7d.exe C:\Users\Admin\AppData\Local\Temp\7f52921b0a7cdd10a4d811f07e695c7d.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3256
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5 40c3e36295c9cbb9b8d3201b489779e8
SHA1 9fc116352d20acefdc8a097df719c48d436e3d89
SHA256 a19d6d43066bb79133b2ba3078dc1179fdb2a8f4dbf3c0126bfdc72a95d4e12c
SHA512 2ae1f28a6a547bfc0b2416fc8ffa85538d8b8c44ea3a547bc9b69c51c340b4ee940c55a01b55f4bce0c3ce6c32db7f436892dc5d7a8ad4d96c4afc750fd38836