cb463fb04856a564dc4a241507d223b2b6e9a70eba7105e74921707d8bd56e90

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20bcd5597080b950a1e32ee5c5b50100.exe
Size

385KB
MD5

20bcd5597080b950a1e32ee5c5b50100
SHA1

7d857e1613842de1c09aecc78806ad932da7d6eb
SHA256

cb463fb04856a564dc4a241507d223b2b6e9a70eba7105e74921707d8bd56e90
SHA512

85a53d52a9b6c1925c0e6cd0344d3036508f9eaad319c1fcb7eda68b5d50da91d64ff557ff8301aace9781507e25a083e59b4a46005bbbb52c689566f7123f06
SSDEEP

12288:9ul/FcpMHl1+X9/wMHqUFkcildo+AauJ4HaYoM90fHmB:Ohv+X9l9iNldoQuJvA90fHmB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2376	20bcd5597080b950a1e32ee5c5b50100.exe

Executes dropped EXE 1 IoCs

pid	Process
2376	20bcd5597080b950a1e32ee5c5b50100.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2336	20bcd5597080b950a1e32ee5c5b50100.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2336	20bcd5597080b950a1e32ee5c5b50100.exe
2376	20bcd5597080b950a1e32ee5c5b50100.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2376	2336	20bcd5597080b950a1e32ee5c5b50100.exe	45
PID 2336 wrote to memory of 2376	2336	20bcd5597080b950a1e32ee5c5b50100.exe	45
PID 2336 wrote to memory of 2376	2336	20bcd5597080b950a1e32ee5c5b50100.exe	45

C:\Users\Admin\AppData\Local\Temp\20bcd5597080b950a1e32ee5c5b50100.exe
"C:\Users\Admin\AppData\Local\Temp\20bcd5597080b950a1e32ee5c5b50100.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\20bcd5597080b950a1e32ee5c5b50100.exe
  C:\Users\Admin\AppData\Local\Temp\20bcd5597080b950a1e32ee5c5b50100.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20bcd5597080b950a1e32ee5c5b50100.exe

Filesize
344KB

MD5
edebf5f41b721b53a50c4b39ce8c9998

SHA1
78bd5c29dba97111f0872a929bef07f0d0a313e4

SHA256
5802394a6259d093049463b1bb768e018b819a7a750998a91a34a85d1cc67ffb

SHA512
009aa8373d664ed8ba829744393ffe512dd28101a23e6ee9a6b2909a930ee06387dd63d5044937912885e4356571cd0d7918715915d6bbe1b4fe9381558c5355

Download Submit
memory/2336-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2336-1-0x0000000000150000-0x00000000001B6000-memory.dmp

Filesize
408KB

Download
memory/2336-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2336-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2376-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2376-20-0x0000000004ED0000-0x0000000004F2F000-memory.dmp

Filesize
380KB

Download
memory/2376-15-0x0000000000160000-0x00000000001C6000-memory.dmp

Filesize
408KB

Download
memory/2376-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2376-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2376-32-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/2376-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download