Analysis
- max time kernel: 144s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-12-2023 01:04
Behavioral task: behavioral1
- Sample: 09782e3a0a45ca487395c36751c7b3c8.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 09782e3a0a45ca487395c36751c7b3c8.exe
- Resource: win10v2004-20231215-en
General
- Target: 09782e3a0a45ca487395c36751c7b3c8.exe
- Size: 2.9MB
- MD5: 09782e3a0a45ca487395c36751c7b3c8
- SHA1: d8c33658bb6be6c984f501ea01cd6c2ef06ee9c1
- SHA256: 8f759cc5672d14f6cff9f1e60e824b252c2116de62cc85742945d246fb9cb39d
- SHA512: dcf5347c1dc2fc7c1c011ae3616ea9db38a0efb75cd09fa20805ef2d834934b979164478190fa3ee8d88abd7dd824fa38340d7d17733d62e0cc40a38e9ac878a
- SSDEEP: 49152:4581uuIKkkFxMM8JgpSGUpCO/sP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:wz7KnLTMG0COUgg3gnl/IVUs1jePs
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid | Process
  4840 | 09782e3a0a45ca487395c36751c7b3c8.exe
- Executes dropped EXE (1 IoCs)
  pid | Process
  4840 | 09782e3a0a45ca487395c36751c7b3c8.exe
- yara_rule matches (upx)
  resource | yara_rule
  behavioral2/memory/456-0-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  behavioral2/files/0x000800000001e712-11.dat | upx
  behavioral2/memory/4840-13-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  456 | 09782e3a0a45ca487395c36751c7b3c8.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  456 | 09782e3a0a45ca487395c36751c7b3c8.exe
  4840 | 09782e3a0a45ca487395c36751c7b3c8.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 456 wrote to memory of 4840 | 456 | 09782e3a0a45ca487395c36751c7b3c8.exe | 89
  PID 456 wrote to memory of 4840 | 456 | 09782e3a0a45ca487395c36751c7b3c8.exe | 89
  PID 456 wrote to memory of 4840 | 456 | 09782e3a0a45ca487395c36751c7b3c8.exe | 89
Processes
- C:\Users\Admin\AppData\Local\Temp\09782e3a0a45ca487395c36751c7b3c8.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\09782e3a0a45ca487395c36751c7b3c8.exe"
  PID: 456
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\09782e3a0a45ca487395c36751c7b3c8.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\09782e3a0a45ca487395c36751c7b3c8.exe
    PID: 4840
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 634KB
  MD5: 05ebe16c5eb5455921c3b7dc7c71ecca
  SHA1: 952b11ce56f84349d291fd33d7be295849b633ab
  SHA256: 8218e8ce693271e5947363364f81b80af7c6e257812a80fef167e28ab1e58c25
  SHA512: ea7a5e784da62024f9ebfdd4d54b9f4a0c3381f5b928c87facfeee3ee8037d4fedb8a11114c7f493ef1a9d1fd6be945c6cda99712dc2fd8adcfdaee3a68f8f9d