014e86f83200895728bff7b86d5eec1cec82003ac8c8fdede1f9db78d7be8585

Analysis

max time kernel
3s
max time network
128s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11b0bf6731b2d4a8b2a433fb028f48e5.exe
Size

385KB
MD5

11b0bf6731b2d4a8b2a433fb028f48e5
SHA1

889bb733773142c711d447569c0b1947aae15069
SHA256

014e86f83200895728bff7b86d5eec1cec82003ac8c8fdede1f9db78d7be8585
SHA512

cb41710c1cfc85124b1ceb4a0ab1c33fceb5fb39c5ba80ce9461aab6cd6c32bd7adc2dbc9db9a1cce0627593ea41edba0e855cee21f7d1e467a098154727a975
SSDEEP

12288:2605Rc7LYWu/upkzFQnXX88xsg7UaMn8rJRUynEMSg4N/dO7tHB:705RgLYtSSQXJswlB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2936	11b0bf6731b2d4a8b2a433fb028f48e5.exe

Executes dropped EXE 1 IoCs

pid	Process
2936	11b0bf6731b2d4a8b2a433fb028f48e5.exe

Loads dropped DLL 1 IoCs

pid	Process
2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe
2936	11b0bf6731b2d4a8b2a433fb028f48e5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2936	2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe	16
PID 2396 wrote to memory of 2936	2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe	16
PID 2396 wrote to memory of 2936	2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe	16
PID 2396 wrote to memory of 2936	2396	11b0bf6731b2d4a8b2a433fb028f48e5.exe	16

C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe
C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2936

C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe
"C:\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\11b0bf6731b2d4a8b2a433fb028f48e5.exe

Filesize
92KB

MD5
ab094a0efe04912ad2a0314b6fbf7902

SHA1
4f8ae8545e5f932966c723b3d962b7d5daa4efc1

SHA256
162d8cc573978f6cc9531a3ddfe340b97763ee16c189a16f90ef8c42de537f08

SHA512
1061a78f71fd355976988159ca73f7d5b16154d14d44665de85d1330b4807b774fee6bfaf1e9bbcf1e78e61e11a870ad6388c6afa8faaeb069ee77ad90aeb2c2

Download Submit
memory/2396-14-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2396-2-0x0000000000360000-0x00000000003C6000-memory.dmp

Filesize
408KB

Download
memory/2396-16-0x0000000002BD0000-0x0000000002C36000-memory.dmp

Filesize
408KB

Download
memory/2396-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2396-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2936-19-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2936-21-0x0000000000190000-0x00000000001F6000-memory.dmp

Filesize
408KB

Download
memory/2936-23-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2936-29-0x0000000000240000-0x000000000029F000-memory.dmp

Filesize
380KB

Download
memory/2936-82-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2936-88-0x000000000DD30000-0x000000000DD6C000-memory.dmp

Filesize
240KB

Download
memory/2936-87-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download