c39ce5ab91d3446d359a478a12cb2051d1b4785d7320a4b8a37d5617cbcc449a

Analysis

max time kernel
121s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

077d313ccd70e20869b1f9cdb5f95769.exe
Size

1.6MB
MD5

077d313ccd70e20869b1f9cdb5f95769
SHA1

2a69b1782591de6c7bd06931d766fc2344d4316c
SHA256

c39ce5ab91d3446d359a478a12cb2051d1b4785d7320a4b8a37d5617cbcc449a
SHA512

9f5fabd6d16535610e07c54808b51ccf69931c9d52416f79872a012489e10d29ad7d1453004a439028e1bc9d457ab028be406ab374ae303f2c886cc721331016
SSDEEP

49152:apqD5w757eJb7kx1yME7eyoBN08ns26tMc:apM+wnkXA7BoBqX2O

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1508	077d313ccd70e20869b1f9cdb5f95769.exe

Executes dropped EXE 1 IoCs

pid	Process
1508	077d313ccd70e20869b1f9cdb5f95769.exe

Loads dropped DLL 1 IoCs

pid	Process
2068	077d313ccd70e20869b1f9cdb5f95769.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2068	077d313ccd70e20869b1f9cdb5f95769.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2068	077d313ccd70e20869b1f9cdb5f95769.exe
1508	077d313ccd70e20869b1f9cdb5f95769.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1508	2068	077d313ccd70e20869b1f9cdb5f95769.exe	28
PID 2068 wrote to memory of 1508	2068	077d313ccd70e20869b1f9cdb5f95769.exe	28
PID 2068 wrote to memory of 1508	2068	077d313ccd70e20869b1f9cdb5f95769.exe	28
PID 2068 wrote to memory of 1508	2068	077d313ccd70e20869b1f9cdb5f95769.exe	28

C:\Users\Admin\AppData\Local\Temp\077d313ccd70e20869b1f9cdb5f95769.exe
"C:\Users\Admin\AppData\Local\Temp\077d313ccd70e20869b1f9cdb5f95769.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\077d313ccd70e20869b1f9cdb5f95769.exe
  C:\Users\Admin\AppData\Local\Temp\077d313ccd70e20869b1f9cdb5f95769.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\077d313ccd70e20869b1f9cdb5f95769.exe

Filesize
1.6MB

MD5
a7a56b2ce77fe6d663133a54820fbe19

SHA1
398085c1e6520e1294d5823b6fa93f38fb24d9f0

SHA256
869fdc73b6620e8bd41be37db8fccf6d9ad9d1d0770169f5e6fac7a0e8b99920

SHA512
9048ef4c9f1282df30c059ceac865a8e9cafa85872bba57ab39fa1ae11fbecf3ad4a16e43eda98059614900b3cd6b8e10c3395b30816e3753838aeb4b35729ee

Download Submit
\Users\Admin\AppData\Local\Temp\077d313ccd70e20869b1f9cdb5f95769.exe

Filesize
576KB

MD5
27b7da101cc4f63f669d6054ceb724d1

SHA1
673a296a52fbda362027728446ca10116aae79be

SHA256
a5cdd3cccac55356ab202f335b29966887e79aa4d28aae7cc04af6db44126e83

SHA512
6ccd1c23df68ffd02cdd87035c61e7acba4e55c6eb58186f638a84674d59406297861a4a35a7f9ee22e56296c070857c48ef0b97088807806dcbff3260af03f9

Download Submit
memory/1508-16-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1508-18-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/1508-17-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1508-23-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/1508-24-0x00000000038B0000-0x0000000003AFD000-memory.dmp

Filesize
2.3MB

Download
memory/2068-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2068-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2068-2-0x0000000001CD0000-0x0000000002147000-memory.dmp

Filesize
4.5MB

Download
memory/2068-15-0x0000000003BF0000-0x0000000004067000-memory.dmp

Filesize
4.5MB

Download
memory/2068-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download