20af546ab37f898174718208190e448a86a4e7c1ad7e8092acd66cb789561053

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e20f02b6297861e1de8c58da0213d0c.exe
Size

92KB
MD5

1e20f02b6297861e1de8c58da0213d0c
SHA1

b5d618207db165926bda425f944b848c8c0b7b5b
SHA256

20af546ab37f898174718208190e448a86a4e7c1ad7e8092acd66cb789561053
SHA512

9e300a763df6c8f39de3a6aba2e0b4cf3e5a439ef90432978d4fc080abfdffdec3f3a07c3d0d660ff63cf89f24b17a063c6e00e2eba4c859912757155cd6c0cb
SSDEEP

1536:EMYQ1ULg6lvBCIP8jOlKiOCt6EXpCZdOFDx2R7d2FEvQwm3/RLDHbVPmZdjsa:Vj1P61BH0lxG5CSFDxQsF35nbAZRx

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2860	1e20f02b6297861e1de8c58da0213d0c.exe

Executes dropped EXE 1 IoCs

pid	Process
2860	1e20f02b6297861e1de8c58da0213d0c.exe

Loads dropped DLL 1 IoCs

pid	Process
2908	1e20f02b6297861e1de8c58da0213d0c.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2908	1e20f02b6297861e1de8c58da0213d0c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2908	1e20f02b6297861e1de8c58da0213d0c.exe
2860	1e20f02b6297861e1de8c58da0213d0c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2860	2908	1e20f02b6297861e1de8c58da0213d0c.exe	18
PID 2908 wrote to memory of 2860	2908	1e20f02b6297861e1de8c58da0213d0c.exe	18
PID 2908 wrote to memory of 2860	2908	1e20f02b6297861e1de8c58da0213d0c.exe	18
PID 2908 wrote to memory of 2860	2908	1e20f02b6297861e1de8c58da0213d0c.exe	18

C:\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe
"C:\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe
  C:\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe

Filesize
37KB

MD5
fe5843c164ea51bba7dd504726cdf0ee

SHA1
89b3ad178c9935573789761e38fcbeb06f9ee182

SHA256
142aa47c5cd957c86799a0892dce1ca8efc1f949cf041643464304a1e6f14ac5

SHA512
5fa7e72386d87f561a36b746af01ae885d75742721da6a2b8891182dfb35c188490d433ee222e3776c74b4e2e4afb057a63c1743b8d7e630bd7a72858b78a3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe

Filesize
5KB

MD5
6a26799c6f7052ca71fb4993ca4feb9a

SHA1
c73f13138f198c429d288d3b71aff04eeb65825f

SHA256
6a82ebc3558c34f479d182d88f339da0962af51017fac197ff83162bee316c5f

SHA512
73990b05378132877af3e97146c5ee99947b6f7f7349b4e107755183632097e42022b230ca4c52600b51cb1951fba7a352b31b4a949011f8f8d73b5356eda87d

Download Submit
\Users\Admin\AppData\Local\Temp\1e20f02b6297861e1de8c58da0213d0c.exe

Filesize
64KB

MD5
75927aef700d504d65f49bd860f5fcf2

SHA1
3e1d3dc66b368638f0502cc2851faf9f12770a60

SHA256
5888f979d4c9ef41e99564fb08f0942637aecde7c307f785369adde27dbdbc9d

SHA512
2554019262d31dc0fac514fa5fd14e7c8189d7e70118284d85368bb85ac0b2307028f0b4389d42360a460eeed0f97201604eb51128293f4c7e691d8623c1d8b9

Download Submit
memory/2860-18-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2860-29-0x0000000000220000-0x000000000023B000-memory.dmp

Filesize
108KB

Download
memory/2860-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2860-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2908-2-0x00000000002C0000-0x00000000002EF000-memory.dmp

Filesize
188KB

Download
memory/2908-15-0x0000000000310000-0x000000000033F000-memory.dmp

Filesize
188KB

Download
memory/2908-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2908-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2908-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download