b49a8907235b9bddd9b0678f187c06215b961b9dfe8a5ba66b84cceb6c3ea01e

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37b4b9a727f7ce60c44466ba39c51fd0.exe
Size

82KB
MD5

37b4b9a727f7ce60c44466ba39c51fd0
SHA1

5215fc4dc910a21dbf31ae8f9e1c7be8b2c6ef35
SHA256

b49a8907235b9bddd9b0678f187c06215b961b9dfe8a5ba66b84cceb6c3ea01e
SHA512

e03c916fd26d067520f7a6fe538531a6a45685fc5a7126c33a732ef9c1c3ddb847995de70ef96318e23e4fc600a3fe6f48cb84a0fd462eaedf9f240c98362359
SSDEEP

1536:/7+YpDpFJqShPzyffTTHoMMGtVPcs8gY7GiKsGVpz9Q9kpCOYH17RG8AzhSwh7gx:/7hN3hrytzdiGiKsEpW9ICOYnrAVgx

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2684	37b4b9a727f7ce60c44466ba39c51fd0.exe

Executes dropped EXE 1 IoCs

pid	Process
2684	37b4b9a727f7ce60c44466ba39c51fd0.exe

Loads dropped DLL 1 IoCs

pid	Process
2460	37b4b9a727f7ce60c44466ba39c51fd0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2460	37b4b9a727f7ce60c44466ba39c51fd0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2460	37b4b9a727f7ce60c44466ba39c51fd0.exe
2684	37b4b9a727f7ce60c44466ba39c51fd0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2684	2460	37b4b9a727f7ce60c44466ba39c51fd0.exe	29
PID 2460 wrote to memory of 2684	2460	37b4b9a727f7ce60c44466ba39c51fd0.exe	29
PID 2460 wrote to memory of 2684	2460	37b4b9a727f7ce60c44466ba39c51fd0.exe	29
PID 2460 wrote to memory of 2684	2460	37b4b9a727f7ce60c44466ba39c51fd0.exe	29

C:\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe
"C:\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe
  C:\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe

Filesize
31KB

MD5
758da942eb20081d50d48f41756a614b

SHA1
4f0a871a22ad66e6abf0ead602fb206aa57d8428

SHA256
e7284140b256b5863d0bec2ae6d93fb235fcd8623c2706f4f094f72025cabfd3

SHA512
33e974fc17c947cf2714682dd34b48d06d7b43acfd583a3cc7b869d07f58542a484658e906b26ede25a308f6d3aeaac18bae23351fa0729d1f5766564071c55e

Download Submit
C:\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe

Filesize
18KB

MD5
03c3249148aa48cf13dea6dff4117cee

SHA1
1005b19d945c4ff8a235d0cc2b73b1da3589af33

SHA256
dcf886aa92e9b3b1dd019830ccfa6028b3dd7aa2b56c152d7ce9c799eed69818

SHA512
59d35e367615c26e91d64fedd83b6cec647f608a4727640170f44f2493fc45e15368a12935c310070f757a07079659291e437bb1691f5c25a9474768ebaa34b7

Download Submit
\Users\Admin\AppData\Local\Temp\37b4b9a727f7ce60c44466ba39c51fd0.exe

Filesize
58KB

MD5
aa6e238bc0d63f2d18abaa98db94b77f

SHA1
53fa2cd61cb4ffd0eec225e0833c02eb81968992

SHA256
de70b312b4bf96eb02ac3f5c8061f41b799b9bf25eb4b510105afe551ee47e19

SHA512
82c05cb2400a669058a27b20b5ccb419e0b6bb19e380b983bf2ab15de9a0ad33a3a36a8d9163e1f0051443d3df5c1b05c8a8845b5ee09b93ed4ffdc8dfb4020e

Download Submit
memory/2460-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2460-7-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2460-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2460-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2460-12-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/2684-18-0x00000000001E0000-0x000000000020F000-memory.dmp

Filesize
188KB

Download
memory/2684-28-0x0000000000220000-0x000000000023B000-memory.dmp

Filesize
108KB

Download
memory/2684-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download