Analysis
- max time kernel: 151s
- max time network: 164s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 01:23
Behavioral tasks
- behavioral1: sample 09f8cf217dc29001a8a1d8793623dd5e.exe, resource win7-20231215-en
- behavioral2: sample 09f8cf217dc29001a8a1d8793623dd5e.exe, resource win10v2004-20231215-en
General
- Target: 09f8cf217dc29001a8a1d8793623dd5e.exe
- Size: 59KB
- MD5: 09f8cf217dc29001a8a1d8793623dd5e
- SHA1: c183acecbc41b9fde109b9544443ba83e6eb7ea6
- SHA256: 9dea4f44576f7f6cef409b36a3f6ac9e72d4ab08227c871998354f3799908c93
- SHA512: 12e8f3d67761edd59a5ff338ce81a423697daca9172326e277ec1a27bc10f3235666c2a0cfe306e08c04ffb6b5e509eaf78e3fd15b02c1060e7c8acb385251e5
- SSDEEP: 1536:hLUozsYU7HQtIP3BpgfasJ65xaZVwFFJhmze0GsVPCv/Sg:hwMsYAQuP3BpgiwWxSwnJhE9VPES
Malware Config
Signatures
- Deletes itself (1 IoC): PID 2812, 09f8cf217dc29001a8a1d8793623dd5e.exe
- Executes dropped EXE (1 IoC): PID 2812, 09f8cf217dc29001a8a1d8793623dd5e.exe
- UPX (yara rule "upx", 3 matches): behavioral2/memory/1388-0-0x0000000000400000-0x000000000043D000-memory.dmp; behavioral2/files/0x0007000000023200-11.dat; behavioral2/memory/2812-13-0x0000000000400000-0x000000000043D000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC): PID 1388, 09f8cf217dc29001a8a1d8793623dd5e.exe
- Suspicious use of UnmapMainImage (2 IoCs): PID 1388 and PID 2812, both 09f8cf217dc29001a8a1d8793623dd5e.exe
- Suspicious use of WriteProcessMemory (3 IoCs): PID 1388 (09f8cf217dc29001a8a1d8793623dd5e.exe) wrote to the memory of PID 2812 three times (procid_target 91)
Processes
1. C:\Users\Admin\AppData\Local\Temp\09f8cf217dc29001a8a1d8793623dd5e.exe (PID 1388)
   Command line: "C:\Users\Admin\AppData\Local\Temp\09f8cf217dc29001a8a1d8793623dd5e.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\09f8cf217dc29001a8a1d8793623dd5e.exe (PID 2812, child of PID 1388)
      Command line: C:\Users\Admin\AppData\Local\Temp\09f8cf217dc29001a8a1d8793623dd5e.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
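The signature and process sections above describe one pattern: the sample starts a second process with the same image path, writes to that child's memory (three WriteProcessMemory IoCs, PID 1388 to PID 2812), and the child then deletes the file. The following script is an added example, not part of this sandbox report or the sandbox vendor's code. It runs a detection over constructed process telemetry that mirrors the report's facts (PIDs 1388 and 2812, the Temp path, three memory writes, the deletion). The event schema, the parent PID of 1388, and the event ordering are assumptions; the sandbox does not expose them in this report.

```python
"""Detect self-spawn plus cross-process memory write, as seen in this report.

Example code written for this page; the event records are constructed to
match the report's process tree and IoCs, not exported from the sandbox.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcessEvent:
    kind: str                         # "create", "write_memory" or "delete_file"
    pid: int                          # acting process
    image: str                        # image path of the acting process
    parent_pid: Optional[int] = None  # set for "create"
    target_pid: Optional[int] = None  # set for "write_memory"
    path: Optional[str] = None        # set for "delete_file"


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\09f8cf217dc29001a8a1d8793623dd5e.exe"

# Constructed telemetry. PIDs, paths and the three writes come from the report;
# the parent PID 4321 for the first process and the ordering are assumed.
EVENTS: List[ProcessEvent] = [
    ProcessEvent("create", 1388, SAMPLE, parent_pid=4321),
    ProcessEvent("create", 2812, SAMPLE, parent_pid=1388),
    ProcessEvent("write_memory", 1388, SAMPLE, target_pid=2812),
    ProcessEvent("write_memory", 1388, SAMPLE, target_pid=2812),
    ProcessEvent("write_memory", 1388, SAMPLE, target_pid=2812),
    ProcessEvent("delete_file", 2812, SAMPLE, path=SAMPLE),
]


def find_self_spawn_injection(events: List[ProcessEvent]) -> List[Dict]:
    """Return one finding per child whose image path equals its parent's image
    path AND whose parent wrote to its memory at least once.

    A same-image child on its own is common (browser renderers, updaters), so
    the memory write is required. Deletion of the shared image path by the
    child is reported as an extra indicator, matching "Deletes itself".
    """
    image_of: Dict[int, str] = {}
    parent_of: Dict[int, Optional[int]] = {}
    writes: Dict[tuple, int] = defaultdict(int)   # (writer_pid, target_pid) -> count
    deletes = set()                               # (pid, path)

    for e in events:
        if e.kind == "create":
            image_of[e.pid] = e.image
            parent_of[e.pid] = e.parent_pid
        elif e.kind == "write_memory" and e.target_pid is not None:
            writes[(e.pid, e.target_pid)] += 1
        elif e.kind == "delete_file" and e.path is not None:
            deletes.add((e.pid, e.path.lower()))

    findings = []
    for child, parent in parent_of.items():
        if parent is None or parent not in image_of:
            continue  # parent not seen in this window; cannot compare images
        if image_of[child].lower() != image_of[parent].lower():
            continue
        n_writes = writes.get((parent, child), 0)
        if n_writes == 0:
            continue
        findings.append({
            "parent_pid": parent,
            "child_pid": child,
            "image": image_of[child],
            "memory_writes": n_writes,
            "child_deleted_own_image": (child, image_of[child].lower()) in deletes,
        })
    return findings


if __name__ == "__main__":
    for f in find_self_spawn_injection(EVENTS):
        print(f)
```

Against the constructed events this yields a single finding for parent 1388 and child 2812 with three memory writes and the self-deletion flag set; dropping the write events yields nothing, which is the intended behaviour for ordinary same-image child processes.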
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 59KB
- MD5: 0812678ba6ef08159075d7f4083d9862
- SHA1: f619e37dd217bd4b26896709364d9ac372a9c524
- SHA256: 3e08be4a93e8b34ffaf73c6001a5133da45b79931e0db8e8d564a07ca12e996c
- SHA512: c8da3b5e42d47a0f7e564557611b21c833cce8f926a0e7bfc3db903650018ece3a03cb0660bea3d57dbbc24432e06ca82edb85c9956e297fb38f3fa0f0813fb1
The dropped file has the same size as the submitted sample (59KB) but none of its hashes match the sample's, so it is not a byte-for-byte copy; track both hash sets as separate indicators.