d3c67935a09c9e889f2f4b4dda4aa0fc55bfd20595446ad6d927e3b06cde1e84

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e15dff6f4219f6fe1e9e037e3423310.exe
Size

82KB
MD5

1e15dff6f4219f6fe1e9e037e3423310
SHA1

969cf4f3a0ceb8b593bbb5b66d382797e8ab4802
SHA256

d3c67935a09c9e889f2f4b4dda4aa0fc55bfd20595446ad6d927e3b06cde1e84
SHA512

af92fa5458044efccc5ab0e139ef00c6fddcee161538d2a9d1e65592c45a9f281e8e48dc1fb866be3b4396bf74967c9101342eca1a8b0aecc11fc7d2fc116d99
SSDEEP

1536:6pT3IXW+o+7B44eE/Hv/+alWI9892D5XjKxZhEFqWrfCh316y9+UvB0pfC:k3n+hOJEmD+5XGmmhfKpfC

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2496	1e15dff6f4219f6fe1e9e037e3423310.exe

Executes dropped EXE 1 IoCs

pid	Process
2496	1e15dff6f4219f6fe1e9e037e3423310.exe

Loads dropped DLL 1 IoCs

pid	Process
1700	1e15dff6f4219f6fe1e9e037e3423310.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1700	1e15dff6f4219f6fe1e9e037e3423310.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1700	1e15dff6f4219f6fe1e9e037e3423310.exe
2496	1e15dff6f4219f6fe1e9e037e3423310.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2496	1700	1e15dff6f4219f6fe1e9e037e3423310.exe	18
PID 1700 wrote to memory of 2496	1700	1e15dff6f4219f6fe1e9e037e3423310.exe	18
PID 1700 wrote to memory of 2496	1700	1e15dff6f4219f6fe1e9e037e3423310.exe	18
PID 1700 wrote to memory of 2496	1700	1e15dff6f4219f6fe1e9e037e3423310.exe	18

C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe
"C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe
  C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe

Filesize
1KB

MD5
e311df53e375556075773d1667b15c0f

SHA1
79e78ab7b66abce36321c74c03c82b344d22c045

SHA256
50c3072c03080fc8b22545ba679ea1c38afdd369e9d2e944283bb3e67338a3d9

SHA512
f5ca27b573dab49fa9b8f2e0124fc1daa0bc05add463c30d891209661bcb130b1b6aeccf3daa28a89105817875764ca40027fa0d5635003fc9b240cc946be9f2

Download Submit
\Users\Admin\AppData\Local\Temp\1e15dff6f4219f6fe1e9e037e3423310.exe

Filesize
60KB

MD5
1b02cb729a4fb5b1670a9d865dfbbdf2

SHA1
47d2ac6a147208ddcb9f2d559001ff330a1bb59c

SHA256
c11254699093bb064c21add9491cb0a92b08f501aa5aadb3025fcb86447b5e92

SHA512
39627e445334fc6384ba6c2267ca73e1083f2810efbc98a20ab585c2b6b9555f275a037bc83ec02278432cec7bdb3d16f4c01808aea26df3ece2a643ec6b96bb

Download Submit
memory/1700-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1700-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1700-4-0x00000000002E0000-0x000000000030F000-memory.dmp

Filesize
188KB

Download
memory/1700-16-0x0000000000310000-0x000000000033F000-memory.dmp

Filesize
188KB

Download
memory/1700-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2496-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2496-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/2496-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2496-20-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download