bf222b2e09c30c9d0b34241f11a495de50192ff7bb6a4f4249f132c8880b02ed

Analysis

max time kernel
7s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a7aafe0e9cbfa09c3211ff7b06405ef.exe
Size

385KB
MD5

3a7aafe0e9cbfa09c3211ff7b06405ef
SHA1

d9cec44a916d00a64ce602d741135d01a8e2f4d8
SHA256

bf222b2e09c30c9d0b34241f11a495de50192ff7bb6a4f4249f132c8880b02ed
SHA512

511c20c8eecbb1891f0cfbe8ffc9b46c46f450b38c5c6a6b3abf34dc66e066385f4047c04b5087e6419d3265f75eba89ba0555816f420f6286c2b52a28825d25
SSDEEP

6144:cmr7GN+Ws5eclzJeU1jNbrf7rPFXwhDfcunCGvZoDFztx3GX9jGB:cmXGI5tnbrPPFcp8DhtNo9aB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2136	3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Executes dropped EXE 1 IoCs

pid	Process
2136	3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Loads dropped DLL 1 IoCs

pid	Process
2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe
2136	3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2136	2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe	19
PID 2108 wrote to memory of 2136	2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe	19
PID 2108 wrote to memory of 2136	2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe	19
PID 2108 wrote to memory of 2136	2108	3a7aafe0e9cbfa09c3211ff7b06405ef.exe	19

C:\Users\Admin\AppData\Local\Temp\3a7aafe0e9cbfa09c3211ff7b06405ef.exe
"C:\Users\Admin\AppData\Local\Temp\3a7aafe0e9cbfa09c3211ff7b06405ef.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\3a7aafe0e9cbfa09c3211ff7b06405ef.exe
  C:\Users\Admin\AppData\Local\Temp\3a7aafe0e9cbfa09c3211ff7b06405ef.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Filesize
24KB

MD5
732aa3aee2abaa6a2574f737b48ff264

SHA1
42bbca7560c5489114c37ac96e24b5ca41ab4cf2

SHA256
49a2970a32c098232338f291a73937ff4f16e77c3bc8f21c9822a687b071c86e

SHA512
506c7a93b57c3f280186a627534266a21af37e38455e7fcfa9fc4708fc096275483570e69d1f3eb9a784f2c636a9524c9eb679f43f27a895faaaa23cb028d77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5553.tmp

Filesize
45KB

MD5
dc38d629e51926a750b443772d7c8c65

SHA1
2868765523e76b2e6706f18ecb665f4631a00d00

SHA256
21a98ea45d4ca76fc03cd769b01345da379395b41295e1506644149d0a378883

SHA512
beb8198332e8771a0475a925a4b31a8a80df9a04dc889442d1a4e024b1b66709acc3e347d50af1868d5d0c351d489cd454fc2523f752ea9dec56b9a9d6048ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5594.tmp

Filesize
31KB

MD5
3f26e9f59a8ada39cb9a5e46676b3a24

SHA1
73525ecdc7123bdfc18bd526812f1f84338f2e00

SHA256
61042db41cdfcc5ee2d7611449c7e037a8aad13a49ea32792cbd7cbb2764fa05

SHA512
a2b4b135cc68167695f924ac0bc1179c3ca2375b9119573ae5ad2ae6a8942c62282967ab1e8efe46b9bb411b20092c14ffe3143da66e69a7c8d9af33eebcec8d

Download Submit
\Users\Admin\AppData\Local\Temp\3a7aafe0e9cbfa09c3211ff7b06405ef.exe

Filesize
64KB

MD5
bbf3d633dc4ca698f9eebdfb077c720f

SHA1
18ec645571123081e9ae7290ca1eb944ce85d145

SHA256
837826d54d257c72d027a3e6fdb7800c7c4a4dcced70995045adeb1179e05177

SHA512
f0c0e8f9632959214ce22884b6f0721feeb0cbc309f3c60b2e44d91b979d48671613fa835441dff975020820585acd2bcf8296e36482a1ec192d67661982a168

Download Submit
memory/2108-12-0x00000000014E0000-0x0000000001546000-memory.dmp

Filesize
408KB

Download
memory/2108-15-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2108-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2108-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2108-2-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/2136-18-0x0000000000190000-0x00000000001F6000-memory.dmp

Filesize
408KB

Download
memory/2136-24-0x0000000002CE0000-0x0000000002D3F000-memory.dmp

Filesize
380KB

Download
memory/2136-22-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2136-82-0x000000000D6F0000-0x000000000D72C000-memory.dmp

Filesize
240KB

Download
memory/2136-81-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2136-76-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download