ad0da498acb532c42dac866229fc90beef5ed722537ae13464be70719e844b79

Analysis

max time kernel
3s
max time network
130s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

062805c07957532b9e6d32b8c35d3773.exe
Size

385KB
MD5

062805c07957532b9e6d32b8c35d3773
SHA1

9e2d90c509309ba8ba28d5fd1eac9bc8c93bbdb6
SHA256

ad0da498acb532c42dac866229fc90beef5ed722537ae13464be70719e844b79
SHA512

a04deda6fe4768569618d1d37cc491e9ce72ec166a9c8a972b523b4a56e7d6bb0f77b82e6b3ae72f8a004f6daddc2446758c3ead22b733ce5f2b000afd70eaa6
SSDEEP

12288:kIyl2o/eHb/J4Wg3KeFAbjGn0Cnt1enZB:kIyY4wb6b3KI/0ePeZB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1712	062805c07957532b9e6d32b8c35d3773.exe

Executes dropped EXE 1 IoCs

pid	Process
1712	062805c07957532b9e6d32b8c35d3773.exe

Loads dropped DLL 1 IoCs

pid	Process
2892	062805c07957532b9e6d32b8c35d3773.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2892	062805c07957532b9e6d32b8c35d3773.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2892	062805c07957532b9e6d32b8c35d3773.exe
1712	062805c07957532b9e6d32b8c35d3773.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1712	2892	062805c07957532b9e6d32b8c35d3773.exe	17
PID 2892 wrote to memory of 1712	2892	062805c07957532b9e6d32b8c35d3773.exe	17
PID 2892 wrote to memory of 1712	2892	062805c07957532b9e6d32b8c35d3773.exe	17
PID 2892 wrote to memory of 1712	2892	062805c07957532b9e6d32b8c35d3773.exe	17

C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe
"C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe
  C:\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
423B

MD5
fbd0c300d104542c1058ac1606f8a17e

SHA1
cdcafc41ca7eb46d46bd259113a16b8d27451a97

SHA256
72006c418bfcad0e35ace75bede725aeeccfec2f8f7e8e4a560e8a0c040e388c

SHA512
7c080306d2722315004cdf6df1c38822e80601bccb28535d97af9a0555c1dd6a2089eb2b60c47f6a9a5ce6f50aa7c534d809cdab9d226af3b2a206a64e3f52bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2522.tmp

Filesize
14KB

MD5
1211c5cef319aafdea12aa6c728da403

SHA1
955cc80dc23ef15ad928f4a2be2bdce025770eae

SHA256
36fa30e613038e530721672281bb252c6ccb872962e3e9384c9223af6996a9ad

SHA512
9554dc80b5006600f54808b194b792bd60a267133e95df4012acb0b167e3d7abb7ab6eba18e5b48a9ca5729a2efbed47829f5ad781bc9af8a186c0f53f56ea3f

Download Submit
\Users\Admin\AppData\Local\Temp\062805c07957532b9e6d32b8c35d3773.exe

Filesize
17KB

MD5
ee11ce0b16220e62048fbc2eb8bd109a

SHA1
e39dbc90b13b73cb9cc69df2e1332d751bcd0519

SHA256
680cf5e841c33bd46b1d3868c5e53da4891dba9e6b4124266dc9c70d533fd2fc

SHA512
326c503ddda62f9e40717c983266034f80b7770c7a829ead3750ad0efa5e3c6900044b945984f092e85ffddc95abeb7924e959fcb2f526f35a49d1001721b127

Download Submit
memory/1712-88-0x000000000A5B0000-0x000000000A5EC000-memory.dmp

Filesize
240KB

Download
memory/1712-23-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1712-20-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1712-24-0x0000000001470000-0x00000000014CF000-memory.dmp

Filesize
380KB

Download
memory/1712-89-0x000000000A5B0000-0x000000000A5EC000-memory.dmp

Filesize
240KB

Download
memory/1712-17-0x0000000000340000-0x00000000003A6000-memory.dmp

Filesize
408KB

Download
memory/1712-82-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1712-87-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2892-14-0x0000000002D10000-0x0000000002D76000-memory.dmp

Filesize
408KB

Download
memory/2892-2-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/2892-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2892-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2892-13-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download