Analysis
max time kernel: 144s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 05:21
Behavioral task: behavioral1
Sample: 29c9eba761e291009efe78b10040b36a.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 29c9eba761e291009efe78b10040b36a.exe
Resource: win10v2004-20231215-en
General
Target: 29c9eba761e291009efe78b10040b36a.exe
Size: 1.3MB
MD5: 29c9eba761e291009efe78b10040b36a
SHA1: fabddddd700863cb2a7e84e3c7c98d1780fffdf5
SHA256: ee56ab26a0c5b121ca4494e9ae6adef50560682ff47d2a8f4db5b1cc4e8edcb7
SHA512: 91ebec49f625daf6692f514197c1004113590f1fd91754f03c708005d39e5523e79387844167e8ab4603deda7753691e1536f243e76acefe73a0f10fc6709527
SSDEEP: 24576:VpWSVExuyNyhWM1YNMErlMbHVkXJRyUuHiaGFN3XA/kfKK0g/E4lqoU9/9Us:Vp1VExNybYNMmlOHVGkiaGFNHA/K/5MX
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 3432  29c9eba761e291009efe78b10040b36a.exe

Executes dropped EXE (1 IoC)
  PID 3432  29c9eba761e291009efe78b10040b36a.exe

resource / yara_rule
  behavioral2/memory/1104-0-0x0000000000400000-0x00000000008E7000-memory.dmp  upx
  behavioral2/files/0x0006000000023204-12.dat  upx
  behavioral2/memory/3432-14-0x0000000000400000-0x00000000008E7000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoC)
  PID 1104  29c9eba761e291009efe78b10040b36a.exe

Suspicious use of UnmapMainImage (2 IoCs)
  PID 1104  29c9eba761e291009efe78b10040b36a.exe
  PID 3432  29c9eba761e291009efe78b10040b36a.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description / pid / Process / procid_target
  PID 1104 wrote to memory of 3432  1104  29c9eba761e291009efe78b10040b36a.exe  93
  PID 1104 wrote to memory of 3432  1104  29c9eba761e291009efe78b10040b36a.exe  93
  PID 1104 wrote to memory of 3432  1104  29c9eba761e291009efe78b10040b36a.exe  93
Processes
- C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe"
  Depth: 1, PID: 1104
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe
    Depth: 2, PID: 3432
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: 41c00dff2a6d7c34dee262250e2b1362
SHA1: 377c01564ded68c4230b0ac4f47c4d73a19743d7
SHA256: 96fb8ca9718f27bdd19ca83d03d0cff07876a33786f6cd5e74c68381f4c1b632
SHA512: ed5b8f1abed2733a6e569533cdb9f8a350531e56f8455b1505d1106650eee20fbae79d5c3cad5f6c860c0565c6f6e652c0f0df9fe0e4d8f7a5f53b133e0b0266