Analysis
- max time kernel: 117s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 10:09
Behavioral task: behavioral1
- Sample: 156f3d68edf08421331837fa2d151059.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 156f3d68edf08421331837fa2d151059.exe
- Resource: win10v2004-20231215-en
General
- Target: 156f3d68edf08421331837fa2d151059.exe
- Size: 11.7MB
- MD5: 156f3d68edf08421331837fa2d151059
- SHA1: 5a7b725292089104210c924df6f92fe424311134
- SHA256: 61fdc24a9f0639c81680ba3039ffadc38b9fe725b3ba9d7eaee17332d4b08265
- SHA512: 36ad7ff101aa4b4db95eb3f24a9da4e8cea36ef7665ea5c4636590723552ac9e2d891aa8c5b1e9f0bf0475a5ae690fb8c9a0d354e9941f7a88bcb3f4e179f2fe
- SSDEEP: 196608:JdT8sWCIW627WdWCxRVTN0pWCIW627WdWC:P1mWN7WdNVTNSmWN7Wd
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 3060, process 156f3d68edf08421331837fa2d151059.exe
- Executes dropped EXE (1 IoC)
  pid 3060, process 156f3d68edf08421331837fa2d151059.exe
- Loads dropped DLL (1 IoC)
  pid 1220, process 156f3d68edf08421331837fa2d151059.exe
- YARA rule matches (resource, yara_rule)
  behavioral1/memory/1220-0-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
  behavioral1/files/0x0009000000012261-10.dat, upx
  behavioral1/files/0x0009000000012261-15.dat, upx
  behavioral1/memory/3060-16-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1220, process 156f3d68edf08421331837fa2d151059.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1220, process 156f3d68edf08421331837fa2d151059.exe
  pid 3060, process 156f3d68edf08421331837fa2d151059.exe
- Suspicious use of WriteProcessMemory (4 IoCs, all four entries identical)
  description: PID 1220 wrote to memory of 3060; pid 1220; process 156f3d68edf08421331837fa2d151059.exe; procid_target 28
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 1220
  - [2] C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\156f3d68edf08421331837fa2d151059.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 3060
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3.5MB
  MD5: 3e3027195488931caa7b9b6eeea42e00
  SHA1: 912e50d7eb8ee628058d97685040dfbb24a8890b
  SHA256: 94470c189bc62d78bc1b7487cf3c5a091ba86fca3888c4b248147e2945d560d0
  SHA512: fcd32bd868b150350e90a7681ed8aff75b4f76e6954b3d8249ef0b611def4dd6c1db13551666c4d2893ee72852bee042de006066af76efbed01fd9b740aea856
- Filesize: 2.1MB
  MD5: 9f7f2599771738189320e18f8ff50cb3
  SHA1: 4a811afd8c18c6ecb30b96d44564273a088361cb
  SHA256: 23403591e6b79da1fcb524869fbf6da99b6849157cf82ef30cf0ed1c7f342f71
  SHA512: a6055b200fbd20b9712b06946a6c427daec85c5edb64e2591b0096c8cf6b253ac45deb377dafded6d8669a7f2b59a27e9d420c33d8cd5d43bb425543c18871d1