Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-12-2023 23:46
Static task: static1
Behavioral task: behavioral1
- Sample: 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Resource: win10v2004-20231215-en
General
- Target: 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Size: 385KB
- MD5: 2085ad2ab5c83816c88ceb524b6ae8b2
- SHA1: 8885b2df1d60871077802ed9cc13b512aabafe0e
- SHA256: 1a6d383928a3b6552a4c12369e26cbab30467be22583a33a0678a845e1b2086a
- SHA512: afb1c55e379c160a961c1c806b9b9c74950fb655f5ef402f3dca970ed5389c5f1b1e0917578274c4fe5d5843ba3b0123d93aded80bf69d811b91aa7bec8189b2
- SSDEEP: 6144:HtOLrzeZpS+DSoPPMmft/yvN+8rcmDwxrITv+cUe7bkB:NKPcS+DSo9yv1QmyrO+cUe7bkB
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 3080, process 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Executes dropped EXE (1 IoC)
  pid 3080, process 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Suspicious behavior: RenamesItself (1 IoC)
  pid 2924, process 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2924, process 2085ad2ab5c83816c88ceb524b6ae8b2.exe
  pid 3080, process 2085ad2ab5c83816c88ceb524b6ae8b2.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2924 wrote to memory of 3080 (2085ad2ab5c83816c88ceb524b6ae8b2.exe, procid_target 89)
  PID 2924 wrote to memory of 3080 (2085ad2ab5c83816c88ceb524b6ae8b2.exe, procid_target 89)
  PID 2924 wrote to memory of 3080 (2085ad2ab5c83816c88ceb524b6ae8b2.exe, procid_target 89)
Processes
1. C:\Users\Admin\AppData\Local\Temp\2085ad2ab5c83816c88ceb524b6ae8b2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2085ad2ab5c83816c88ceb524b6ae8b2.exe"
   PID: 2924
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\2085ad2ab5c83816c88ceb524b6ae8b2.exe (child of PID 2924)
      Command line: C:\Users\Admin\AppData\Local\Temp\2085ad2ab5c83816c88ceb524b6ae8b2.exe
      PID: 3080
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 385KB
- MD5: 6e0ede1dd1a360bdc097fecae2de4756
- SHA1: 624b7700de42d4ec8f142353d79c33cc1053a6b5
- SHA256: 34f57432626957c2b73c1f1c695d33dbef9b74ac7edde2f59a24f2b80aa141ae
- SHA512: 79089d587d5ddeb94458fad93a75e43f6c06e2e0e4b8457e5279f78e363b8379d96e10487e160dc408df23eaf025b6d14ab0aff653989e453defda9a4d845e0c