86855ad177c326f3049ea9ac4d7b1a8cd8afd1b72910ee8075a7b2c7c09d9ab5

Analysis

max time kernel
1s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03599d25c11e4090d0e19863ad6f9408.exe
Size

385KB
MD5

03599d25c11e4090d0e19863ad6f9408
SHA1

29f1bbfea0fc01b4720e4e7f0acecf2b4827bc57
SHA256

86855ad177c326f3049ea9ac4d7b1a8cd8afd1b72910ee8075a7b2c7c09d9ab5
SHA512

8e0962478e64fcdffbe014a19d2fd91f2fd1f65f630bde74712f6147d5b7f51d3cf52ce06333599a5d74a4d564ba05f16d023124d4340eebb7e4967a9b59790d
SSDEEP

12288:nI0Hz7k2+9IOtYR4hSLBjzypVkSLoq6hsOU0wKQB:nIUzI2+9IO2n1jzypOSLd6hsuwKQB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1652	03599d25c11e4090d0e19863ad6f9408.exe

Executes dropped EXE 1 IoCs

pid	Process
1652	03599d25c11e4090d0e19863ad6f9408.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	03599d25c11e4090d0e19863ad6f9408.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	03599d25c11e4090d0e19863ad6f9408.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	03599d25c11e4090d0e19863ad6f9408.exe
1652	03599d25c11e4090d0e19863ad6f9408.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1652	2180	03599d25c11e4090d0e19863ad6f9408.exe	14
PID 2180 wrote to memory of 1652	2180	03599d25c11e4090d0e19863ad6f9408.exe	14
PID 2180 wrote to memory of 1652	2180	03599d25c11e4090d0e19863ad6f9408.exe	14
PID 2180 wrote to memory of 1652	2180	03599d25c11e4090d0e19863ad6f9408.exe	14

C:\Users\Admin\AppData\Local\Temp\03599d25c11e4090d0e19863ad6f9408.exe
C:\Users\Admin\AppData\Local\Temp\03599d25c11e4090d0e19863ad6f9408.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1652

C:\Users\Admin\AppData\Local\Temp\03599d25c11e4090d0e19863ad6f9408.exe
"C:\Users\Admin\AppData\Local\Temp\03599d25c11e4090d0e19863ad6f9408.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\03599d25c11e4090d0e19863ad6f9408.exe

Filesize
27KB

MD5
9b3b3b695fbee8ffc43f6428488a3a71

SHA1
edc1c4ba6708c03b47a0cbd6adf85a4105870af6

SHA256
0b4c0107a56e4512a0bfe8b6c17ebaa80c80bdfa680ad8f1cd4da392ff058e46

SHA512
22cfa9fba2ef1e5c5ea5ff0d964cb9ecd56f3a62057367244c248c88304fb0eb4adf108b6362216d8722ed0efa0ff08ec61b5de51675fe9ba2aa256ebdd30904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1CA7.tmp

Filesize
33KB

MD5
bc0f45cee150425394443d7926a3f291

SHA1
59345c01eaac60ef0e837ed5b9a91b192b50d7b5

SHA256
1480d3221568f78a2a097ee528862182efe52850d3c1c9856a6adf9a83fdb2fb

SHA512
086ac66bb338d8df910791d4c81597505ab803942d4ac3189bc5ae31dc8576032c5beffafb04bee3d3f1da80b68ae233bf0e439179492b433515fb0fe2d4ae97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1CB9.tmp

Filesize
37KB

MD5
2b78b0f4ed7dae0c5219837f8a553346

SHA1
6f3a42cad57740361a5d8f4fcc3b3e25eba43b6f

SHA256
63ab0154fac9f38f4b818efdc335dff8a4866c9631c285352c8af897670b5c06

SHA512
1ee9753858a41f7798b58cf689f4ed5e1464bd9caccd7f9cd9e7b4ec2d65fc24426d2e48da6f6bb2dea45d99e2c55eaf9f7f243be13cf66cbf1d96a8f7cf0f58

Download Submit
\Users\Admin\AppData\Local\Temp\03599d25c11e4090d0e19863ad6f9408.exe

Filesize
2KB

MD5
5f01c0926bbd5bb8737d66a6423ca865

SHA1
8a491b5215eaca673ad2e4208478b2479774b875

SHA256
5a827e487e524454dc8fc414c4259474536c00a8f99317862779d97fb4a223c5

SHA512
6166807e135278b471367c8e0d115b36421e85b1034e38b2b66471cf9afcf006279a3865b151e15bbec2c8a8958d307bff109a0201089f877fd0481560359c49

Download Submit
memory/1652-20-0x0000000000370000-0x00000000003D6000-memory.dmp

Filesize
408KB

Download
memory/1652-23-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1652-17-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1652-26-0x0000000002BE0000-0x0000000002C3F000-memory.dmp

Filesize
380KB

Download
memory/1652-83-0x000000000ED10000-0x000000000ED4C000-memory.dmp

Filesize
240KB

Download
memory/1652-82-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1652-77-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1652-84-0x000000000ED10000-0x000000000ED4C000-memory.dmp

Filesize
240KB

Download
memory/2180-13-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2180-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2180-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2180-15-0x0000000000210000-0x0000000000276000-memory.dmp

Filesize
408KB

Download
memory/2180-1-0x0000000000190000-0x00000000001F6000-memory.dmp

Filesize
408KB

Download