86a5d8a8c2c53caccf4935c8224627ff47e26262223fe3e353802134c5a7c826

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2bd10174dd79fcca80fcd765c2bc0a66.exe
Size

3.3MB
MD5

2bd10174dd79fcca80fcd765c2bc0a66
SHA1

18cf3da16fba8b400c4bffb9584af6b163c06ecf
SHA256

86a5d8a8c2c53caccf4935c8224627ff47e26262223fe3e353802134c5a7c826
SHA512

11e3c9a0038e6fee9436cb7f3ac34d2f8067c1cfaf06b40ccefb9c7ac3c24bda210bd2fdd56acdc45a769140ea04027b238aa55c567d7eddba8340ef356602cd
SSDEEP

98304:QkMF6n7tWlMjWJF2shnqKpNv6c3sXAlk2O:PMF6nAMjkRzv6cQXr

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3056	2bd10174dd79fcca80fcd765c2bc0a66.exe

Executes dropped EXE 1 IoCs

pid	Process
3056	2bd10174dd79fcca80fcd765c2bc0a66.exe

Loads dropped DLL 1 IoCs

pid	Process
2928	2bd10174dd79fcca80fcd765c2bc0a66.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2928	2bd10174dd79fcca80fcd765c2bc0a66.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2928	2bd10174dd79fcca80fcd765c2bc0a66.exe
3056	2bd10174dd79fcca80fcd765c2bc0a66.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3056	2928	2bd10174dd79fcca80fcd765c2bc0a66.exe	28
PID 2928 wrote to memory of 3056	2928	2bd10174dd79fcca80fcd765c2bc0a66.exe	28
PID 2928 wrote to memory of 3056	2928	2bd10174dd79fcca80fcd765c2bc0a66.exe	28
PID 2928 wrote to memory of 3056	2928	2bd10174dd79fcca80fcd765c2bc0a66.exe	28

C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
"C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
  C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe

Filesize
92KB

MD5
ac831d95d76c45b1ce8710533845a310

SHA1
97c45cb2273f5448c8540698d5262efe4b717bab

SHA256
009b98a33bc3a6adb730b06d40159a9dcd2b6ab3833e7e694272fb8cef2127c4

SHA512
c62638b8dab103d863af989664ba0485d1c4f10285c1074b1397a18741d49fb1d86913b5ec297cfafeeea5d449efb584f8b3559b131f5d4312b7afdcb95799d8

Download Submit
\Users\Admin\AppData\Local\Temp\2bd10174dd79fcca80fcd765c2bc0a66.exe

Filesize
348KB

MD5
fe59741dbb46d4637f86f864dd627d09

SHA1
498daf1b58aa97d5938b25afc77b8fdff1362e2d

SHA256
b766ed574bcbee167d5fddacd4b27210046e1b50febd3b640bb4fea95c059680

SHA512
38f4a69e7154f5b18e8e545d33388aa97c546509db77a6f0b45629e9dbeb604e3646f19247653c79f70bb3211e0e809ac5d0c40823104edb26735da6a67a4adf

Download Submit
memory/2928-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2928-2-0x0000000001D30000-0x00000000021A7000-memory.dmp

Filesize
4.5MB

Download
memory/2928-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2928-16-0x0000000004150000-0x00000000045C7000-memory.dmp

Filesize
4.5MB

Download
memory/2928-14-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/3056-19-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3056-23-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/3056-26-0x0000000003720000-0x000000000396D000-memory.dmp

Filesize
2.3MB

Download
memory/3056-21-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/3056-15-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download