355054f8717984143bb674baa207d940942bdf121cf699c430d231b3c0e585ae

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

164bc665d61772bfac7d5c9192b17444.exe
Size

1.6MB
MD5

164bc665d61772bfac7d5c9192b17444
SHA1

f48f79f9fc525848945dcc494496cd5f1f461f0e
SHA256

355054f8717984143bb674baa207d940942bdf121cf699c430d231b3c0e585ae
SHA512

2921cb386b28d13b6c2583bfb3b153de48dae68b7c5edc3715d12646b4c892c3606838d4afa77139abe684bff7e7370d366042dcfe1001371970b14d90039362
SSDEEP

49152:ZZJoYmIirue+JpYGW0lFKUbHpi/PM26tMc:9k/t+pHYPM2O

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3060	164bc665d61772bfac7d5c9192b17444.exe

Executes dropped EXE 1 IoCs

pid	Process
3060	164bc665d61772bfac7d5c9192b17444.exe

Loads dropped DLL 1 IoCs

pid	Process
2656	164bc665d61772bfac7d5c9192b17444.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2656	164bc665d61772bfac7d5c9192b17444.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2656	164bc665d61772bfac7d5c9192b17444.exe
3060	164bc665d61772bfac7d5c9192b17444.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 3060	2656	164bc665d61772bfac7d5c9192b17444.exe	28
PID 2656 wrote to memory of 3060	2656	164bc665d61772bfac7d5c9192b17444.exe	28
PID 2656 wrote to memory of 3060	2656	164bc665d61772bfac7d5c9192b17444.exe	28
PID 2656 wrote to memory of 3060	2656	164bc665d61772bfac7d5c9192b17444.exe	28

C:\Users\Admin\AppData\Local\Temp\164bc665d61772bfac7d5c9192b17444.exe
"C:\Users\Admin\AppData\Local\Temp\164bc665d61772bfac7d5c9192b17444.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\164bc665d61772bfac7d5c9192b17444.exe
  C:\Users\Admin\AppData\Local\Temp\164bc665d61772bfac7d5c9192b17444.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\164bc665d61772bfac7d5c9192b17444.exe

Filesize
98KB

MD5
00676e1dc411704d0c0337fc01d5b16a

SHA1
9ef7a8fd8e37fea7c8fcd9ab637693f29b8db33b

SHA256
095067a0a1efcfa366d9ae150dbf02e55fca126b401c7ea55e5755271f2086c3

SHA512
c1f80eceaf16a29c0f51bb620718fdfbf449e2e5dab3c7677598969b2d0c37c34b984addf1d51940c49decd7ff86e4cddc764f5509a9ee32afbb3a74f7073e46

Download Submit
\Users\Admin\AppData\Local\Temp\164bc665d61772bfac7d5c9192b17444.exe

Filesize
381KB

MD5
3a2382ed89b29ca5af78add4031c4c37

SHA1
94e2429c9327fd80ffd56dd5913a6f4a5b3183cc

SHA256
737679804a2fea5b0e7ade98524128b2fcea6cb5a1dd77bfe38249c0fd996e72

SHA512
ad4ddece58bf2373d8ed08773bc237e405c5424459a1addaf288aa078c0cdc54b16f2608a142a63c85f80b1f0641f0d21876e3ecd6de4437f952eaeb4833b17c

Download Submit
memory/2656-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2656-2-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/2656-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2656-14-0x00000000039F0000-0x0000000003E67000-memory.dmp

Filesize
4.5MB

Download
memory/2656-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/3060-16-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3060-17-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/3060-23-0x0000000003720000-0x000000000396D000-memory.dmp

Filesize
2.3MB

Download
memory/3060-22-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download