Analysis

- max time kernel: 117s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 31-12-2023 03:54

Static task: static1

Behavioral task: behavioral1
- Sample: 27180d2471f97c97d9cdd21127fc2ea1.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 27180d2471f97c97d9cdd21127fc2ea1.exe
- Resource: win10v2004-20231222-en
General

- Target: 27180d2471f97c97d9cdd21127fc2ea1.exe
- Size: 704KB
- MD5: 27180d2471f97c97d9cdd21127fc2ea1
- SHA1: b90804e24df1165d95f555cae673dad91a6e9855
- SHA256: d6a77aa17001ec845ad537555f2b82b91cb4c76f65933ac5735ce223e303ef35
- SHA512: b4885643e156b8a4016cb714959ec059a62bc7dd8bf8b716f27eb2fb4c1e3ab5299e8ff72c3cb94709707d1fa49a51881c70bf632c6f318437b3c595cc8d15ee
- SSDEEP: 12288:0T+WNwbGiZ2QWABE++JIUcebBk/PncyFYfVV6Y3SKJLZmX1:0TEbjlWABKceCTFc9LZmX1
Malware Config

Signatures

- Deletes itself (1 IoC)
  pid: 2592, Process: 64DB.tmp
- Executes dropped EXE (1 IoC)
  pid: 2592, Process: 64DB.tmp
- Loads dropped DLL (1 IoC)
  pid: 2760, Process: 27180d2471f97c97d9cdd21127fc2ea1.exe
- Suspicious use of WriteProcessMemory (4 IoCs)

  description                        | pid  | Process                              | procid_target
  -----------------------------------|------|--------------------------------------|--------------
  PID 2760 wrote to memory of 2592   | 2760 | 27180d2471f97c97d9cdd21127fc2ea1.exe | 29
  PID 2760 wrote to memory of 2592   | 2760 | 27180d2471f97c97d9cdd21127fc2ea1.exe | 29
  PID 2760 wrote to memory of 2592   | 2760 | 27180d2471f97c97d9cdd21127fc2ea1.exe | 29
  PID 2760 wrote to memory of 2592   | 2760 | 27180d2471f97c97d9cdd21127fc2ea1.exe | 29
Processes

- C:\Users\Admin\AppData\Local\Temp\27180d2471f97c97d9cdd21127fc2ea1.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\27180d2471f97c97d9cdd21127fc2ea1.exe"
  PID: 2760
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

  - C:\Users\Admin\AppData\Local\Temp\64DB.tmp (depth 2, child of PID 2760)
    Command line: "C:\Users\Admin\AppData\Local\Temp\64DB.tmp"
    PID: 2592
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 704KB
- MD5: 5200c5af076a469d26b7991d8de45b54
- SHA1: 5989ea2c462ab8d5f8a8e993aa38a2ac74546b40
- SHA256: e35d448dc7f33026de9b67557e7c06591b995a305470ca1d0451b70805f0126b
- SHA512: 0b9f2fd08c0db8b299f4836a34855881d22bea758578c6122e782a9e1d87a2d6b3b6d5dcfb89f74d0df7165311dada9d089fa57260ad1cc75752cb89573b3dad