588dda440a939d0f82a580a95091fc8e5d544454d0314153fbc90f8e63e32be5

Analysis

max time kernel
147s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

014534e03be7442802230a0bd4249017.exe
Size

907KB
MD5

014534e03be7442802230a0bd4249017
SHA1

3ccb08aab26cd8f91c26499f37ff556fe5417e50
SHA256

588dda440a939d0f82a580a95091fc8e5d544454d0314153fbc90f8e63e32be5
SHA512

4526378cebbb0cb5830c7285cab23ad7fa90f04768994a8b327839e360eabdac47254605774148b64a966a74a810e62a9ef5bce1f88d75491afb6c85d0b383f1
SSDEEP

24576:HxofkXlT8xD1Xja1DXrEIUUaCitd6tUZxOa/ZS1:HxofIT87jKXQga5S+OgS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1592	014534e03be7442802230a0bd4249017.exe

Executes dropped EXE 1 IoCs

pid	Process
1592	014534e03be7442802230a0bd4249017.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4360	014534e03be7442802230a0bd4249017.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4360	014534e03be7442802230a0bd4249017.exe
1592	014534e03be7442802230a0bd4249017.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1592	4360	014534e03be7442802230a0bd4249017.exe	20
PID 4360 wrote to memory of 1592	4360	014534e03be7442802230a0bd4249017.exe	20
PID 4360 wrote to memory of 1592	4360	014534e03be7442802230a0bd4249017.exe	20

C:\Users\Admin\AppData\Local\Temp\014534e03be7442802230a0bd4249017.exe
"C:\Users\Admin\AppData\Local\Temp\014534e03be7442802230a0bd4249017.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Users\Admin\AppData\Local\Temp\014534e03be7442802230a0bd4249017.exe
  C:\Users\Admin\AppData\Local\Temp\014534e03be7442802230a0bd4249017.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\014534e03be7442802230a0bd4249017.exe

Filesize
907KB

MD5
d47697a23ac96446ad246444929891da

SHA1
15d614119c16a8052a1b712d402c9055c9ab824f

SHA256
a2ef8424974fcdd80f5085ea98dee702cce7b253b7122b6c8c4a75856b07b642

SHA512
172c86ab4b5898b319ed0006b98e1f06f755b90e8e8d39fae6d24e59ca1379c03cad221e7aa85c9f78cf234b13d1749b19ab12d8c8c05155c8d8bc0689a8c2a0

Download Submit
memory/1592-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1592-16-0x00000000015B0000-0x0000000001698000-memory.dmp

Filesize
928KB

Download
memory/1592-21-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1592-20-0x0000000005190000-0x000000000524B000-memory.dmp

Filesize
748KB

Download
memory/1592-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1592-36-0x000000000B800000-0x000000000B898000-memory.dmp

Filesize
608KB

Download
memory/4360-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/4360-1-0x0000000001720000-0x0000000001808000-memory.dmp

Filesize
928KB

Download
memory/4360-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/4360-12-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download