6b2cdbb6b711d4b2dd358a43184b813356d636f697b75839b728293dcbb043a4

Analysis

max time kernel
150s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

262c3a17249cf285ff0ecbbe1f016f63.exe
Size

907KB
MD5

262c3a17249cf285ff0ecbbe1f016f63
SHA1

a6f28c716816bb68574f0f4ada377ff9ea93be38
SHA256

6b2cdbb6b711d4b2dd358a43184b813356d636f697b75839b728293dcbb043a4
SHA512

f8ff348188fb812bedd2addd99a1ffccb4f20cfa9d9041cbf0fd7283ecc789597b4f39b1cdb22a806154c0e59c9cf898486761f6642fc059d5f627f03d04b50b
SSDEEP

24576:k77J6dQP2ky8B5vZwQPt/mO6B1DKZa/ZS1:WR2ky8zZwQ1/vgS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4592	262c3a17249cf285ff0ecbbe1f016f63.exe

Executes dropped EXE 1 IoCs

pid	Process
4592	262c3a17249cf285ff0ecbbe1f016f63.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
492	262c3a17249cf285ff0ecbbe1f016f63.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
492	262c3a17249cf285ff0ecbbe1f016f63.exe
4592	262c3a17249cf285ff0ecbbe1f016f63.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 4592	492	262c3a17249cf285ff0ecbbe1f016f63.exe	91
PID 492 wrote to memory of 4592	492	262c3a17249cf285ff0ecbbe1f016f63.exe	91
PID 492 wrote to memory of 4592	492	262c3a17249cf285ff0ecbbe1f016f63.exe	91

C:\Users\Admin\AppData\Local\Temp\262c3a17249cf285ff0ecbbe1f016f63.exe
"C:\Users\Admin\AppData\Local\Temp\262c3a17249cf285ff0ecbbe1f016f63.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:492
- C:\Users\Admin\AppData\Local\Temp\262c3a17249cf285ff0ecbbe1f016f63.exe
  C:\Users\Admin\AppData\Local\Temp\262c3a17249cf285ff0ecbbe1f016f63.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\262c3a17249cf285ff0ecbbe1f016f63.exe

Filesize
386KB

MD5
e8e0f513a384163c90c196fce2574f59

SHA1
0f71747b68ce1d022bd12b3a255e28bbc218b6bb

SHA256
1576fc76979a653b44801c98fb073837bc3a172c5d8e8f319dbd9018467eac50

SHA512
691ddde8ffbebfd5e7d1df0f8529c27c2f20557fe767f2401c62ef50af449523feaf637b9a67f7975b268006d6fceb104a30b5c342f23915b37a67cbeab825dd

Download Submit
memory/492-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/492-1-0x00000000016E0000-0x00000000017C8000-memory.dmp

Filesize
928KB

Download
memory/492-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/492-12-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/4592-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/4592-15-0x0000000001790000-0x0000000001878000-memory.dmp

Filesize
928KB

Download
memory/4592-20-0x0000000005160000-0x000000000521B000-memory.dmp

Filesize
748KB

Download
memory/4592-21-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4592-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4592-33-0x000000000B800000-0x000000000B898000-memory.dmp

Filesize
608KB

Download