4d07568f569f5f59172c62a935515931c8eea51984ad2a4c6899aff877d856a2

Analysis

max time kernel
8s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38a6dd15d47d0ae89cec6f94532f6b66.exe
Size

385KB
MD5

38a6dd15d47d0ae89cec6f94532f6b66
SHA1

b28e23b77d779cc8499e3a3202cf78743feafbb0
SHA256

4d07568f569f5f59172c62a935515931c8eea51984ad2a4c6899aff877d856a2
SHA512

9959646edbc3cf067e5de8451bff4b1d55c03bce92b4a639334c1133d71bc5bf5a9db618c0e94eaa9182ba0ef32f8ff542bf54ba693ef04d5645966b19b39fb1
SSDEEP

12288:Ru75D7J+Kqjmc7OScWMXzn+8Um0HQOkFvPfB:Odt+bmxrn1Um+ZkBXB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2352	38a6dd15d47d0ae89cec6f94532f6b66.exe

Executes dropped EXE 1 IoCs

pid	Process
2352	38a6dd15d47d0ae89cec6f94532f6b66.exe

Loads dropped DLL 1 IoCs

pid	Process
1424	38a6dd15d47d0ae89cec6f94532f6b66.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1424	38a6dd15d47d0ae89cec6f94532f6b66.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1424	38a6dd15d47d0ae89cec6f94532f6b66.exe
2352	38a6dd15d47d0ae89cec6f94532f6b66.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2352	1424	38a6dd15d47d0ae89cec6f94532f6b66.exe	17
PID 1424 wrote to memory of 2352	1424	38a6dd15d47d0ae89cec6f94532f6b66.exe	17
PID 1424 wrote to memory of 2352	1424	38a6dd15d47d0ae89cec6f94532f6b66.exe	17
PID 1424 wrote to memory of 2352	1424	38a6dd15d47d0ae89cec6f94532f6b66.exe	17

C:\Users\Admin\AppData\Local\Temp\38a6dd15d47d0ae89cec6f94532f6b66.exe
"C:\Users\Admin\AppData\Local\Temp\38a6dd15d47d0ae89cec6f94532f6b66.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Users\Admin\AppData\Local\Temp\38a6dd15d47d0ae89cec6f94532f6b66.exe
  C:\Users\Admin\AppData\Local\Temp\38a6dd15d47d0ae89cec6f94532f6b66.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\38a6dd15d47d0ae89cec6f94532f6b66.exe

Filesize
1KB

MD5
54785cd66e80de1296805ca522e45278

SHA1
a31df9cc625b903537e5ffa4c3f4225a2c349003

SHA256
d601ce72e17aa28bc2983e65b640bcb0b25945c6435e57c7325b38a7dec27c4b

SHA512
bc37b443bdd888c916e7085dcc43bb33fb98384ee1f38af0bef5b823550e9dddaf3b2aa5541b635244626c516d95c7e91724a4bc45be42aa977a04ed7cee1846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5C16.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5C58.tmp

Filesize
87KB

MD5
cce279cee2bd2122d72bf94c4fdf9f07

SHA1
419b36e539dd2808639ca797b9fce5d308f4a78f

SHA256
2cd25034a5715f678908b9f20a9fae61169b10ca983d5c9260e352c429d914e6

SHA512
85eb8936177ee7964afd7217e7f71d2194c874bab37bb30109640613583493dfdae2a0ead9e8bf99133035392a0ad16823857d930fb10479537eeaaa5469a18f

Download Submit
\Users\Admin\AppData\Local\Temp\38a6dd15d47d0ae89cec6f94532f6b66.exe

Filesize
48KB

MD5
7461aef6e7960dff99b3848c5c531918

SHA1
99bd06f7ec25f6529314b14bedcfa5843de6ea02

SHA256
5157dfc13721103f8817635a1af78be31bd31a9c432a47f2936b4680cad948d1

SHA512
577d8dac79a5d70a9b6b61d94389cc7bf3b0e5c4753c7080d0186a18a8d5773419132b304633c6ec095ea8d034af94502ad59173f5d22cbb030c9ea797df6e28

Download Submit
memory/1424-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1424-14-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1424-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1424-6-0x0000000000220000-0x0000000000286000-memory.dmp

Filesize
408KB

Download
memory/1424-12-0x0000000000290000-0x00000000002F6000-memory.dmp

Filesize
408KB

Download
memory/2352-19-0x0000000000320000-0x0000000000386000-memory.dmp

Filesize
408KB

Download
memory/2352-23-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2352-28-0x0000000002CA0000-0x0000000002CFF000-memory.dmp

Filesize
380KB

Download
memory/2352-16-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2352-83-0x000000000E750000-0x000000000E78C000-memory.dmp

Filesize
240KB

Download
memory/2352-82-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2352-77-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2352-84-0x000000000E750000-0x000000000E78C000-memory.dmp

Filesize
240KB

Download