11546e851dabfdc3efa555ffb069b7036bdaad13e7c90d53754e18816cb43428

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bfb5a189dcc40fd9fb12d863f3aac79.exe
Size

82KB
MD5

3bfb5a189dcc40fd9fb12d863f3aac79
SHA1

dd60fd23187dae8cfc25e7eadc69968147163bc8
SHA256

11546e851dabfdc3efa555ffb069b7036bdaad13e7c90d53754e18816cb43428
SHA512

1c532f6049a105ae964b1bb5cc2b7177ccd752acf3b4fa3f912e82e92b2f665cb3c0bfc0f6410af6158793e0670c3fe5e76b74a4bc9a8b603c04bd7c1ac392f2
SSDEEP

1536:eqOvz6ntjnfBxV6H7cEnkmFpBUKiVS8lTuTDCWcnALcNiKIrrr7btavoSyB7DQSQ:XOvz6ntjnfBz6H7cEnkmFpBUKiVS8aDY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2800	3bfb5a189dcc40fd9fb12d863f3aac79.exe

Executes dropped EXE 1 IoCs

pid	Process
2800	3bfb5a189dcc40fd9fb12d863f3aac79.exe

Loads dropped DLL 1 IoCs

pid	Process
2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe
2800	3bfb5a189dcc40fd9fb12d863f3aac79.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2800	2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe	16
PID 2760 wrote to memory of 2800	2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe	16
PID 2760 wrote to memory of 2800	2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe	16
PID 2760 wrote to memory of 2800	2760	3bfb5a189dcc40fd9fb12d863f3aac79.exe	16

C:\Users\Admin\AppData\Local\Temp\3bfb5a189dcc40fd9fb12d863f3aac79.exe
"C:\Users\Admin\AppData\Local\Temp\3bfb5a189dcc40fd9fb12d863f3aac79.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\3bfb5a189dcc40fd9fb12d863f3aac79.exe
  C:\Users\Admin\AppData\Local\Temp\3bfb5a189dcc40fd9fb12d863f3aac79.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3bfb5a189dcc40fd9fb12d863f3aac79.exe

Filesize
45KB

MD5
974b1e7fc63dbf880b7c1d3218e54341

SHA1
0998264a367ef23fad6b46cb4cecf1555f124441

SHA256
d08795b6bb08a664cf1d156f2d0e366a3c7b37dc287fa2d8ca0016d53cf4ac2b

SHA512
587b0dad4edb0641c1c3adf5366e9dafec18e020a2b9f50f6b3f1c681f2ff3abc737f950fa0fe2603a72f3c5af0f8f1ea3f50c747396fddbf6b5f3b13054d900

Download Submit
\Users\Admin\AppData\Local\Temp\3bfb5a189dcc40fd9fb12d863f3aac79.exe

Filesize
36KB

MD5
7b6db8be91461466d72c95400fe4533e

SHA1
8b57727cddfaa3f30953979b4ca94f30c8630223

SHA256
478d674e79354cd49eefa7155d0b9ec3509164b841bbb5e1bd5f3a3118a894d6

SHA512
e361a83f61c082be292e02aa03d478a0726ef0722705bbea558890cad65bc56b3ef63da6f1542123f309cd171793c1350e5a1f74c7755e26b588ad6e389dd734

Download Submit
memory/2760-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2760-2-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2760-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2760-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2800-28-0x0000000000320000-0x000000000033B000-memory.dmp

Filesize
108KB

Download
memory/2800-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-17-0x0000000000160000-0x000000000018F000-memory.dmp

Filesize
188KB

Download
memory/2800-16-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download