8f5fd5c09bb6f8e83a3089d0b99f5c2a1adc64283250acb286966561b2e7e275

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fdaaf0164b78cac0443fb496f4df121.exe
Size

82KB
MD5

0fdaaf0164b78cac0443fb496f4df121
SHA1

412d7a3ee0319c65cc2c2d99360826e6e1aa9dda
SHA256

8f5fd5c09bb6f8e83a3089d0b99f5c2a1adc64283250acb286966561b2e7e275
SHA512

aa752d7000f97c609281d7ded50af6432a47a04f016df1322ea8f8400238f84f745ee306ba9fdb91c69914e3357d41abf11b8a3a8ed7ba16db4f02b7e658cb87
SSDEEP

1536:jWL39OvwLQUzIGpQnwnqpiw7HszalJp28taPCwsVKZNiQvhOl8i9dUGV2E3e546S:SLMsHqlRp2vUsxvhOl8U3Te66xm1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2688	0fdaaf0164b78cac0443fb496f4df121.exe

Executes dropped EXE 1 IoCs

pid	Process
2688	0fdaaf0164b78cac0443fb496f4df121.exe

Loads dropped DLL 1 IoCs

pid	Process
2648	0fdaaf0164b78cac0443fb496f4df121.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2648	0fdaaf0164b78cac0443fb496f4df121.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2648	0fdaaf0164b78cac0443fb496f4df121.exe
2688	0fdaaf0164b78cac0443fb496f4df121.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2688	2648	0fdaaf0164b78cac0443fb496f4df121.exe	16
PID 2648 wrote to memory of 2688	2648	0fdaaf0164b78cac0443fb496f4df121.exe	16
PID 2648 wrote to memory of 2688	2648	0fdaaf0164b78cac0443fb496f4df121.exe	16
PID 2648 wrote to memory of 2688	2648	0fdaaf0164b78cac0443fb496f4df121.exe	16

C:\Users\Admin\AppData\Local\Temp\0fdaaf0164b78cac0443fb496f4df121.exe
"C:\Users\Admin\AppData\Local\Temp\0fdaaf0164b78cac0443fb496f4df121.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\0fdaaf0164b78cac0443fb496f4df121.exe
  C:\Users\Admin\AppData\Local\Temp\0fdaaf0164b78cac0443fb496f4df121.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0fdaaf0164b78cac0443fb496f4df121.exe

Filesize
32KB

MD5
14f2c34ac9e2eeed6af77822beac6bdd

SHA1
e609746b88bcd1647890ff33bfdd726613c2a0c9

SHA256
47e27bbc5e7b3c0e2070db7ff74cd1bff272772b3a72255578d5f48a75db7b50

SHA512
40d68028c9aa7d629df203dd0f5f594c74771d588ae764efc9f7ba5db2107d6135870877e2559f32c90c8e5fa82dec25dfc81efa405d206017f3c555c3fcc223

Download Submit
\Users\Admin\AppData\Local\Temp\0fdaaf0164b78cac0443fb496f4df121.exe

Filesize
82KB

MD5
7eb1f6f006824f24a09bbb397310f985

SHA1
8f33e986107207c6b41dcaf5e8d606c5789021a6

SHA256
cf75be0327f5fc70fac46bf7d615db3da898734283ec78bd6afd1ed3ed2852ed

SHA512
898a5d891910a99c19d28bc8c3ef8c1374e739b80106fc66f5a4acb57b1368c8f5f78a7b98537044ac6c7317d2d16eb717354e511780f1b5e30c7d2edae379f3

Download Submit
memory/2648-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2648-1-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2648-12-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2648-16-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2688-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2688-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/2688-17-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download