68c622a65f1d5265129b491c252b885bcf9764615d1db0f9ab04f7e6ccaa24dd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d1a6778eb52658757ea5c1a6be70ac3.exe
Size

82KB
MD5

1d1a6778eb52658757ea5c1a6be70ac3
SHA1

015fd0d6fc02bccc47aae67c32d93efe9aedd9a6
SHA256

68c622a65f1d5265129b491c252b885bcf9764615d1db0f9ab04f7e6ccaa24dd
SHA512

887cecfcbe13df3785b54c241bab17db62ea692b900efdcd890a8060d9e452a9f772e570e42f1235efef054a04b00a98f492f0e11f8f201d7b9381ffdc5042c0
SSDEEP

1536:SskoZ6dqUPZlz5oqTmlBNaqZs9OJVVrGYgHTHtT:SHoQvZld/GVBy5HB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3032	1d1a6778eb52658757ea5c1a6be70ac3.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	1d1a6778eb52658757ea5c1a6be70ac3.exe

Loads dropped DLL 1 IoCs

pid	Process
2904	1d1a6778eb52658757ea5c1a6be70ac3.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2904	1d1a6778eb52658757ea5c1a6be70ac3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2904	1d1a6778eb52658757ea5c1a6be70ac3.exe
3032	1d1a6778eb52658757ea5c1a6be70ac3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3032	2904	1d1a6778eb52658757ea5c1a6be70ac3.exe	29
PID 2904 wrote to memory of 3032	2904	1d1a6778eb52658757ea5c1a6be70ac3.exe	29
PID 2904 wrote to memory of 3032	2904	1d1a6778eb52658757ea5c1a6be70ac3.exe	29
PID 2904 wrote to memory of 3032	2904	1d1a6778eb52658757ea5c1a6be70ac3.exe	29

C:\Users\Admin\AppData\Local\Temp\1d1a6778eb52658757ea5c1a6be70ac3.exe
"C:\Users\Admin\AppData\Local\Temp\1d1a6778eb52658757ea5c1a6be70ac3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\1d1a6778eb52658757ea5c1a6be70ac3.exe
  C:\Users\Admin\AppData\Local\Temp\1d1a6778eb52658757ea5c1a6be70ac3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1d1a6778eb52658757ea5c1a6be70ac3.exe

Filesize
19KB

MD5
21d9d99bc3f54076f9c210bded44f314

SHA1
c32018e7147332965b13bd1016f049701d74e842

SHA256
58889f984f9517761381efbfabf469ad90067d796918496792a4775f4bb3bffe

SHA512
f08bfcbe0d30f71f52add01271d7a564ad4ec0ff252149e0c9dbb8afd8fcf26dc99e3bf75d958661e9554cc6e20414f58f007f17828db68885a98821d05b7465

Download Submit
\Users\Admin\AppData\Local\Temp\1d1a6778eb52658757ea5c1a6be70ac3.exe

Filesize
82KB

MD5
b0f8047879313ce179904fd5e0f2f9c4

SHA1
721822b1595b81e50545bf2e62952e1840279603

SHA256
4e7b3666c946a3dbbde4f6227d5cbc970f2cebae66ae3ab46ec93aa32ca8020f

SHA512
1e308f28a7dc66c258319c74f9ee4c2bd5afceb2fa29512557f3fda4b93fb321f14bde1419b51205b9c5ba3bcfcefabeb276f77482b16ed653103402a5dc92f6

Download Submit
memory/2904-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2904-2-0x00000000001D0000-0x00000000001FF000-memory.dmp

Filesize
188KB

Download
memory/2904-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2904-12-0x0000000000330000-0x000000000035F000-memory.dmp

Filesize
188KB

Download
memory/2904-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3032-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/3032-27-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/3032-22-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download