Analysis
max time kernel: 161s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 14:23
Behavioral tasks
behavioral1: sample 1b51850ae18f84c31ef5ee4391636237.exe, resource win7-20231215-en
behavioral2: sample 1b51850ae18f84c31ef5ee4391636237.exe, resource win10v2004-20231215-en
(Every signature and IoC path below is prefixed behavioral2, i.e. the Windows 10 run; no results from the Windows 7 task appear on this page.)
General
Target: 1b51850ae18f84c31ef5ee4391636237.exe
Size: 5.1MB
MD5: 1b51850ae18f84c31ef5ee4391636237
SHA1: f99658f2b29edcddf15d0082b918e87034e64346
SHA256: 68a41e2117e39c93541da0c4fa7f74e55fe492a6c5ffa02883ac7a5171ba2786
SHA512: bf250fc32d175eea0cfad51bd38beca058711aeb1a8ab930c988adc1c129faabce6a50d9cc9c6c58a53520f8f73db152357a8eed9c0308da6f9078475372873e
SSDEEP: 98304:1h8MLmCLH4N/RM3S11qronI0Iy5fKP7grvYLS3:1hCKH4RVa0j9
Malware Config
Signatures
Deletes itself (1 IoC)
pid | Process
5016 | 1b51850ae18f84c31ef5ee4391636237.exe

Executes dropped EXE (1 IoC)
pid | Process
5016 | 1b51850ae18f84c31ef5ee4391636237.exe

YARA rule upx matched (3 IoCs)
resource | yara_rule
behavioral2/memory/3748-0-0x0000000000400000-0x0000000000D9E000-memory.dmp | upx
behavioral2/files/0x000700000001e0ce-12.dat | upx
behavioral2/memory/5016-15-0x0000000000400000-0x0000000000D9E000-memory.dmp | upx
(Both processes map a 0x400000-0xD9E000 region, i.e. 0x99E000 bytes, roughly 9.6 MiB, against a 5.1MB file on disk, which is consistent with in-place UPX decompression rather than a packed image still in its on-disk form.)

Suspicious behavior: RenamesItself (1 IoC)
pid | Process
3748 | 1b51850ae18f84c31ef5ee4391636237.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
3748 | 1b51850ae18f84c31ef5ee4391636237.exe
5016 | 1b51850ae18f84c31ef5ee4391636237.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3748 wrote to memory of 5016 | 3748 | 1b51850ae18f84c31ef5ee4391636237.exe | 90
(the same row is recorded three times, one per WriteProcessMemory call)
Processes
1. C:\Users\Admin\AppData\Local\Temp\1b51850ae18f84c31ef5ee4391636237.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\1b51850ae18f84c31ef5ee4391636237.exe"
   PID: 3748
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. (child of PID 3748) C:\Users\Admin\AppData\Local\Temp\1b51850ae18f84c31ef5ee4391636237.exe
      command line: C:\Users\Admin\AppData\Local\Temp\1b51850ae18f84c31ef5ee4391636237.exe
      PID: 5016
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
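The pattern the signatures and process tree above describe (parent renames itself, spawns a second copy with the same image path, writes into that child, and the child unmaps its main image and later deletes itself) is what an analyst would want to pull out of the report mechanically rather than by eye. The following is an added example, not code from the sandbox vendor or from this report: it parses the flattened signature rows exactly as they appear on this page (copied inline as a constructed sample), parses the UPX yara memory-region IoCs, and applies a self-replacement heuristic whose name and field names are my own. The procid_target column is carried through but not interpreted.

```python
import re

# Constructed sample input: the "Signatures" block of this report, one row per
# line in the flattened layout the extracted page uses.
SIGNATURES = """\
Deletes itself 1 IoCs
pid Process 5016 1b51850ae18f84c31ef5ee4391636237.exe
Executes dropped EXE 1 IoCs
pid Process 5016 1b51850ae18f84c31ef5ee4391636237.exe
Suspicious behavior: RenamesItself 1 IoCs
pid Process 3748 1b51850ae18f84c31ef5ee4391636237.exe
Suspicious use of UnmapMainImage 2 IoCs
pid Process 3748 1b51850ae18f84c31ef5ee4391636237.exe 5016 1b51850ae18f84c31ef5ee4391636237.exe
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3748 wrote to memory of 5016 3748 1b51850ae18f84c31ef5ee4391636237.exe 90 PID 3748 wrote to memory of 5016 3748 1b51850ae18f84c31ef5ee4391636237.exe 90 PID 3748 wrote to memory of 5016 3748 1b51850ae18f84c31ef5ee4391636237.exe 90
"""

# Constructed sample input: the yara rule row from the same report.
YARA_LINE = (
    "resource yara_rule "
    "behavioral2/memory/3748-0-0x0000000000400000-0x0000000000D9E000-memory.dmp upx "
    "behavioral2/files/0x000700000001e0ce-12.dat upx "
    "behavioral2/memory/5016-15-0x0000000000400000-0x0000000000D9E000-memory.dmp upx"
)

HEADER = re.compile(r"^(.+?) (\d+) IoCs$")                 # "<signature name> <n> IoCs"
PAIR = re.compile(r"(\d+) (\S+)")                           # "<pid> <image>" pairs
WRITE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
REGION = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp (\w+)")


def parse_signatures(text):
    """Return {signature name: {"count", "pids": {pid: image}, "writes": [(src, dst, image, target)]}}."""
    sigs, current = {}, None
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sigs[current] = {"count": int(m.group(2)), "pids": {}, "writes": []}
        elif current and line.startswith("description pid Process procid_target"):
            for src, dst, _, image, target in WRITE.findall(line):
                sigs[current]["writes"].append((int(src), int(dst), image, int(target)))
        elif current and line.startswith("pid Process"):
            for pid, image in PAIR.findall(line[len("pid Process"):]):
                sigs[current]["pids"][int(pid)] = image
    return sigs


def memory_regions(yara_line):
    """Memory-dump IoCs as (pid, rule, region size in bytes); file IoCs are skipped."""
    return [
        {"pid": int(pid), "rule": rule, "size": int(end, 16) - int(start, 16)}
        for pid, start, end, rule in REGION.findall(yara_line)
    ]


def image_of(sigs, pid):
    for sig in sigs.values():
        if pid in sig["pids"]:
            return sig["pids"][pid]
    return None


def self_replacement_chains(sigs):
    """Heuristic (my own naming): a process that writes into a second process
    running the same image, where that second process unmaps its main image.
    One finding per distinct (writer, target) pair, with the supporting flags."""
    pids = lambda name: set(sigs.get(name, {}).get("pids", {}))
    unmapped, renamed = pids("Suspicious use of UnmapMainImage"), pids("Suspicious behavior: RenamesItself")
    dropped, deleted = pids("Executes dropped EXE"), pids("Deletes itself")
    seen, findings = set(), []
    for src, dst, src_image, _ in sigs.get("Suspicious use of WriteProcessMemory", {}).get("writes", []):
        if (src, dst) in seen:
            continue
        seen.add((src, dst))
        flags = {
            "same_image": image_of(sigs, dst) == src_image,
            "child_unmaps_main_image": dst in unmapped,
            "parent_renamed_itself": src in renamed,
            "child_is_dropped_exe": dst in dropped,
            "child_deletes_itself": dst in deleted,
        }
        if flags["same_image"] and flags["child_unmaps_main_image"]:
            findings.append({"parent": src, "child": dst, **flags})
    return findings


if __name__ == "__main__":
    sigs = parse_signatures(SIGNATURES)
    for f in self_replacement_chains(sigs):
        print(f)
    for r in memory_regions(YARA_LINE):
        print(r)
```

Run against this report it yields one chain, 3748 writing into 5016, with every supporting flag set, and two mapped regions of 0x99E000 bytes (10,084,352) at 0x400000 in each process. The region parser is the check worth keeping: when a memory dump that matches the packer rule is markedly larger than the file on disk, the dump is the unpacked image and is the one to carve for strings and imports.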
Network
MITRE ATT&CK Matrix
Downloads
(Note that these hashes differ from those of the submitted sample in the General section.)
Filesize: 5.1MB
MD5: 3773a7dc58752de73ca25778ab722341
SHA1: ec468a58702d7e652cfa49fe8579a4da27acdee3
SHA256: d9d5d411e619cfe36ad98fe8d087c3ec844b698e11622eab6c746c74fde6bb2d
SHA512: c66deee1f01ddb8136d0b6fb5dda00b6e48a471840e320bcab65f78e52073a464fa07013ba63b40881a636dd4d15e87ecf19f0e09a2161055226a3456dd67872