Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 23:47
Behavioral task behavioral1
Sample: 20879479e4f46888a7bb5d6a3a946900.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 20879479e4f46888a7bb5d6a3a946900.exe
Resource: win10v2004-20231215-en
General
Target: 20879479e4f46888a7bb5d6a3a946900.exe
Size: 2.9MB
MD5: 20879479e4f46888a7bb5d6a3a946900
SHA1: ef0cef3bf3c680599fe477f1ec34585571a2bf48
SHA256: e0eed2591854e891918ace5a80ed31a2274f1dd206e1beb03eadacf639df64ca
SHA512: f381398b842b02b24b12c7592f8253c89ed721efef63d340f2830063256a9309c5cd7c2906ca9f11a227596bdbab57a593baff38e746dea21653c26aaaf688ed
SSDEEP: 49152:Iw7xM9pM/UBMaBjndAPGITVCD5P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vsM/UFlni6D5gg3gnl/IVUs1jePs
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 2540  Process 20879479e4f46888a7bb5d6a3a946900.exe
Executes dropped EXE (1 IoCs)
  pid 2540  Process 20879479e4f46888a7bb5d6a3a946900.exe
Loads dropped DLL (1 IoCs)
  pid 2204  Process 20879479e4f46888a7bb5d6a3a946900.exe
yara_rule hits (resource, rule)
  behavioral1/memory/2204-1-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x00070000000122c4-12.dat  upx
  behavioral1/files/0x00070000000122c4-14.dat  upx
  behavioral1/files/0x00070000000122c4-10.dat  upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid 2204  Process 20879479e4f46888a7bb5d6a3a946900.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2204  Process 20879479e4f46888a7bb5d6a3a946900.exe
  pid 2540  Process 20879479e4f46888a7bb5d6a3a946900.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2204 wrote to memory of 2540  2204  20879479e4f46888a7bb5d6a3a946900.exe  28
  PID 2204 wrote to memory of 2540  2204  20879479e4f46888a7bb5d6a3a946900.exe  28
  PID 2204 wrote to memory of 2540  2204  20879479e4f46888a7bb5d6a3a946900.exe  28
  PID 2204 wrote to memory of 2540  2204  20879479e4f46888a7bb5d6a3a946900.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe"
   PID: 2204
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe (child of PID 2204)
      command line: C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe
      PID: 2540
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
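The Signatures and Processes entries above describe one pattern: PID 2204 writes four times into PID 2540, a process started from the same path; both unmap their main image; 2540 is the dropped EXE and deletes the original; and the upx rule hits on 2204's image mapping as well as on the dropped files. The script below is an added example, not the sandbox's code or output, that parses those entries and derives that summary mechanically. Its inputs are the report's own values written out one line per signature (that one-line shape is this example's convention), the 2.9MB size is taken from the General block above, and the scoring rules in assess() are the editor's own heuristics rather than anything the sandbox asserts.

```python
"""Reconstruct process relationships from the Signatures block of a sandbox
report like the one on this page and flag the self-copy / self-injection
pattern it describes.

Added example; not the sandbox's code. Input strings are the report's values
joined one line per signature (this example's own shape). Heuristics in
assess() are the editor's assumptions, not the sandbox's detection logic."""
import re
from collections import Counter, defaultdict

# Values from the report above, written one signature per line.
WPM_LINE = (
    "description pid Process procid_target "
    "PID 2204 wrote to memory of 2540 2204 20879479e4f46888a7bb5d6a3a946900.exe 28 "
    "PID 2204 wrote to memory of 2540 2204 20879479e4f46888a7bb5d6a3a946900.exe 28 "
    "PID 2204 wrote to memory of 2540 2204 20879479e4f46888a7bb5d6a3a946900.exe 28 "
    "PID 2204 wrote to memory of 2540 2204 20879479e4f46888a7bb5d6a3a946900.exe 28"
)
SIGNATURE_LINES = {
    "Deletes itself": "pid Process 2540 20879479e4f46888a7bb5d6a3a946900.exe",
    "Executes dropped EXE": "pid Process 2540 20879479e4f46888a7bb5d6a3a946900.exe",
    "Loads dropped DLL": "pid Process 2204 20879479e4f46888a7bb5d6a3a946900.exe",
    "Suspicious behavior: RenamesItself": "pid Process 2204 20879479e4f46888a7bb5d6a3a946900.exe",
    "Suspicious use of UnmapMainImage": (
        "pid Process 2204 20879479e4f46888a7bb5d6a3a946900.exe "
        "2540 20879479e4f46888a7bb5d6a3a946900.exe"
    ),
}
YARA_LINE = (
    "resource yara_rule "
    "behavioral1/memory/2204-1-0x0000000000400000-0x00000000008EF000-memory.dmp upx "
    "behavioral1/files/0x00070000000122c4-12.dat upx "
    "behavioral1/files/0x00070000000122c4-14.dat upx "
    "behavioral1/files/0x00070000000122c4-10.dat upx"
)
DISK_SIZE = int(2.9 * 1024 * 1024)  # "Size: 2.9MB" from the General block

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
PID_RE = re.compile(r"(\d+) (\S+\.exe)")
MEM_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp (\S+)")


def parse_wpm(line):
    """(writer_pid, target_pid, writer_image) per WriteProcessMemory event."""
    return [(int(s), int(t), img) for s, t, img in WPM_RE.findall(line)]


def parse_pids(line):
    """(pid, image) pairs from a 'pid Process <pid> <image> ...' line."""
    return [(int(p), img) for p, img in PID_RE.findall(line)]


def parse_memory_hits(line):
    """{pid: (start, end, rule)} for yara hits on process memory dumps."""
    return {int(p): (int(a, 16), int(b, 16), rule) for p, a, b, rule in MEM_RE.findall(line)}


def build_profile(wpm_line=WPM_LINE, sig_lines=SIGNATURE_LINES):
    writes = Counter()        # (writer, target) -> number of write events
    images = {}               # pid -> image name
    sigs = defaultdict(set)   # pid -> signature names attributed to it
    for src, dst, img in parse_wpm(wpm_line):
        writes[(src, dst)] += 1
        images[src] = img
    for name, line in sig_lines.items():
        for pid, img in parse_pids(line):
            sigs[pid].add(name)
            images.setdefault(pid, img)
    return writes, sigs, images


def assess(writes, sigs, images, mem_hits, disk_size=DISK_SIZE):
    """Editor's heuristics (assumptions): return a list of finding strings."""
    findings = []
    unmap = "Suspicious use of UnmapMainImage"
    for (src, dst), n in writes.items():
        if images.get(src) == images.get(dst) and "Executes dropped EXE" in sigs.get(dst, set()):
            findings.append(f"self-copy handoff: {src} wrote {n}x into {dst}, a dropped copy of its own image")
        if unmap in sigs.get(src, set()) and unmap in sigs.get(dst, set()):
            findings.append(f"both {src} and {dst} unmap their main image (hollowing-style overwrite)")
        if "Deletes itself" in sigs.get(dst, set()):
            findings.append(f"{dst} deleted its on-disk file; recover the executable from the memory dump")
    for pid, (start, end, rule) in mem_hits.items():
        if rule == "upx" and end - start > disk_size:
            findings.append(f"{pid}: {rule} hit on a {end - start:#x}-byte image mapping, "
                            f"larger than the {disk_size:#x}-byte file (unpacked in memory)")
    return findings


if __name__ == "__main__":
    w, s, i = build_profile()
    for finding in assess(w, s, i, parse_memory_hits(YARA_LINE)):
        print("-", finding)
```

Run stand-alone it prints the four findings for this report; to reuse it on another report in the same format, replace the three input constants and the disk size. The size comparison is the quick check worth keeping: a packed sample whose in-memory mapping is much larger than the file on disk is the thing to dump, because the dropped files and the original are already gone or renamed by the time the child runs.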
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 250KB
MD5: b8cf28cae16c663998efaf12d5821ff6
SHA1: 84ff5f0f411927999e36651f68503ec462a8fe32
SHA256: 29596755a232d9b1f978c5c82101e6ec20f78bfa60d0db803bc01842cfc2aeae
SHA512: 4526d550f69a15078d088c2fccf9f793e51f5cdb3928b5ad5a0e293ccf814ce77ec30a71ce0532ccf35f8fd50e8a0eb6aeb8eeb8c28daa7ccf2398d1c19f6bef

Filesize: 166KB
MD5: c6899906bf53172e1c1b1b1f498627f0
SHA1: c1abdd85a733c9b3ccb01e741d1357a231280665
SHA256: 82fd45318087b152dcb194bf227bdeab868de84d065a3f4ba39c9095ab4de785
SHA512: 2e4eab64381a7e591abc791cc570cc49d454c20ff6259358998a5ad3fc3fedd7246037b018edfc5329685333f7396fdfd253d9a45ecb1a89183bfda25e5b795a

Filesize: 448KB
MD5: 8bc2e96ae94a7927875fb40f49f29549
SHA1: f867c301489fe785a3a0d98d455ca291dfa6a166
SHA256: 99f84cb46937557d7bbce15a65f081ed721bef9ada890526b027b23f3c66dfca
SHA512: 190e90689b6a9a1e9364c5acde236fc33019af53efa96421f6994cd953220530c28d2fbe7b8114eea969c41b14268e76b9967417a0881e4e3a45d61cb7c445ca