Analysis
max time kernel: 6s
max time network: 141s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 02:18
Static task: static1
Behavioral task: behavioral1
  Sample: 24409b7f282741a0c72c1fd6ed67bfa4.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 24409b7f282741a0c72c1fd6ed67bfa4.exe
  Resource: win10v2004-20231215-en
General
Target: 24409b7f282741a0c72c1fd6ed67bfa4.exe
Size: 907KB
MD5: 24409b7f282741a0c72c1fd6ed67bfa4
SHA1: f3ef9b232909cc26cd80c5f4220c786ef67bf86a
SHA256: 752a95e1e96709f1f1eb6fed3a2e32df83d2a36086e2520057f83eac48502812
SHA512: f8b76c12626f6c6047fc5d3a9a44605e257a132f68db90d02cf8d5cf13314682def7b4e026beeea0856b2eb27e7e9220c5fa175d5dbf15c722be73a95da7092d
SSDEEP: 24576:GO6ceGQqk6gaBHS1PQeRDM0x0aKuWQwq5Ca/ZS1:GFGQqkpaU9xC0qWCgS
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 2732: 24409b7f282741a0c72c1fd6ed67bfa4.exe
Executes dropped EXE (1 IoC)
  PID 2732: 24409b7f282741a0c72c1fd6ed67bfa4.exe
Loads dropped DLL (1 IoC)
  PID 1488: 24409b7f282741a0c72c1fd6ed67bfa4.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Suspicious behavior: RenamesItself (1 IoC)
  PID 1488: 24409b7f282741a0c72c1fd6ed67bfa4.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 1488: 24409b7f282741a0c72c1fd6ed67bfa4.exe
  PID 2732: 24409b7f282741a0c72c1fd6ed67bfa4.exe
Suspicious use of WriteProcessMemory (4 IoCs, all four entries identical)
  description: PID 1488 wrote to memory of 2732
  pid: 1488
  Process: 24409b7f282741a0c72c1fd6ed67bfa4.exe
  procid_target: 21
Processes
1. C:\Users\Admin\AppData\Local\Temp\24409b7f282741a0c72c1fd6ed67bfa4.exe (PID 1488)
   Command line: "C:\Users\Admin\AppData\Local\Temp\24409b7f282741a0c72c1fd6ed67bfa4.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\24409b7f282741a0c72c1fd6ed67bfa4.exe (PID 2732, child of process 1)
      Command line: C:\Users\Admin\AppData\Local\Temp\24409b7f282741a0c72c1fd6ed67bfa4.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Download 1
  Filesize: 62KB
  MD5: b44a08b35141fe9a4bc2541e3c4092c2
  SHA1: 97ac0fd117e224780d81c2d9f78b89314224d06c
  SHA256: c8e5b4afa1f818e090b7342e9ec07841b52620f7d8cddabe21fae961e3b882bf
  SHA512: 3acb2b2c65a9604e03db0923abfccb5a92d5935bfc71e2453e025895179a5c3638034ee8181f9b3e14020f484d26959c6e9aa760e8ff903b0285b7eea27629e5
Download 2
  Filesize: 46KB
  MD5: cc25bd30d5cfc292a4733ed0a7852242
  SHA1: e198c7a5820d7883050dfa5c929a626bf94ad15c
  SHA256: c2cc192fcb789d545e999210f840e3de7ca3f0fbc57e7a512273e9e715442e9b
  SHA512: 045eb7e05b764f9f2aceffd74879d8c7f62790ee97b25c23b344c32a3e58e7efe16992fb9cdcc1f0bf8ff5ba0cf7dafc4cfb34e383394a69043101022e7c77a9
Download 3
  Filesize: 1KB
  MD5: fa527dcd6b5eb05e72fc51570a2a6608
  SHA1: 3380c5ef74408265fba2f67e790636d0ad0a51cc
  SHA256: 4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d
  SHA512: 05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a
Download 4
  Filesize: 1KB
  MD5: f0cafc83c4897062995c4c1111e28ea6
  SHA1: 7c0f0cd0ac67b41b88b9e61ff15a0406c2f4cb1a
  SHA256: 7b83d32fa2e2f9d60c103a67c3541cba70ec1f6454761a0457cb1de4b6086e72
  SHA512: ae9ed519f1a5283ae508caaa4f2abf3b48f47c4dedae5b542b8b6c30079dac509edbaf492fe681aa5d357eb4933fd45538a751541ebd9c73560f5d1166af25df