a7f48f6bd93f2fb39c5bbdbf97d426b9fffdcfeeb4c3a27e97478ce999911ec3

Analysis

max time kernel
3s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c5d6798eb37526539867d28ae94e32d.exe
Size

907KB
MD5

3c5d6798eb37526539867d28ae94e32d
SHA1

08d077128cd1f09675da34eec4c6ad682fe22e60
SHA256

a7f48f6bd93f2fb39c5bbdbf97d426b9fffdcfeeb4c3a27e97478ce999911ec3
SHA512

732c24560ca991a49921ddadb2761ba38aa11e604c8646dc0280a3ab580244b2f4f8da6e99b042b3105f6fa0b4499401ce8438c0dbd6d78bc889306c979b78f4
SSDEEP

24576:2xH2RrBOwsBriadXQGKuJDUtr31GRNBRa/ZS1:2d8OwurDQ6DUtbkngS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2424	3c5d6798eb37526539867d28ae94e32d.exe

Executes dropped EXE 1 IoCs

pid	Process
2424	3c5d6798eb37526539867d28ae94e32d.exe

Loads dropped DLL 1 IoCs

pid	Process
1544	3c5d6798eb37526539867d28ae94e32d.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1544	3c5d6798eb37526539867d28ae94e32d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1544	3c5d6798eb37526539867d28ae94e32d.exe
2424	3c5d6798eb37526539867d28ae94e32d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2424	1544	3c5d6798eb37526539867d28ae94e32d.exe	20
PID 1544 wrote to memory of 2424	1544	3c5d6798eb37526539867d28ae94e32d.exe	20
PID 1544 wrote to memory of 2424	1544	3c5d6798eb37526539867d28ae94e32d.exe	20
PID 1544 wrote to memory of 2424	1544	3c5d6798eb37526539867d28ae94e32d.exe	20

C:\Users\Admin\AppData\Local\Temp\3c5d6798eb37526539867d28ae94e32d.exe
"C:\Users\Admin\AppData\Local\Temp\3c5d6798eb37526539867d28ae94e32d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\3c5d6798eb37526539867d28ae94e32d.exe
  C:\Users\Admin\AppData\Local\Temp\3c5d6798eb37526539867d28ae94e32d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3c5d6798eb37526539867d28ae94e32d.exe

Filesize
60KB

MD5
9defe6036bde8d5dbe4900ef26f7f119

SHA1
f625315d8ba32334f0a4e0d5e766a7b94052f6fe

SHA256
12f312d2b95bfc4df84c9667a31fd651200335401a1616458fb5e1af8b0e17e3

SHA512
47573e7dd7232632c6c9cbc6851eed1f121254ad824c35114886260b4fea23583612304f0637a08682ba08fd639281b9ee55cfe80b6d804093cea4568c00c7ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9002.tmp

Filesize
49KB

MD5
2654e9b349af99934ad4ec5dea304e0d

SHA1
1d32375205ab82ff5faf8c375db8fb0fedd74abf

SHA256
3a70f3a8dae7d3fe27cfb3d4d9d8601595a64d2b31128b16ebf023910090b88a

SHA512
19c15505135e11c95b1a16c8da6c000013afad598d4e52379ead16faee9a27dfb3dc944672483a9fd89966e45129a77a2da1add98a39d9927479ce83cc24cb13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9043.tmp

Filesize
57KB

MD5
3d77a51351bbbbfbed455f36c5c90cb1

SHA1
e70333868e2e8fbfe6ac21fb0b2f018cfb6659e9

SHA256
28772b467416a90067ad2c78689f75660e05799716a3e2eb4328348a8f4c16c0

SHA512
9dc1219b810b2547a648356e1a3137e693afcda7f68ffb7213e1d71d8845c320b0b7964854a35383d9ffea83eed3211e98fbd7caf2b5dfec3b3383048332679b

Download Submit
\Users\Admin\AppData\Local\Temp\3c5d6798eb37526539867d28ae94e32d.exe

Filesize
5KB

MD5
a5259e2aed326a1568c7c32d991fb0e7

SHA1
dcf28710beb52beca64fd5204071852541084acb

SHA256
90a9c2da5f42d0b4cbdd903536dd786d10ae93cc9be6c711b496c68f63be691d

SHA512
0d8eda6727e155a5243c71ee364d69bb0ae442c056da09920c61fa3f83ee35760f9c0b6724c864e39ec425663ceb1c454ea8ea7d97824541fd3eccd87fff5f5a

Download Submit
memory/1544-12-0x0000000003190000-0x0000000003278000-memory.dmp

Filesize
928KB

Download
memory/1544-15-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1544-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1544-5-0x0000000000300000-0x00000000003E8000-memory.dmp

Filesize
928KB

Download
memory/1544-1-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2424-22-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2424-17-0x0000000000310000-0x00000000003F8000-memory.dmp

Filesize
928KB

Download
memory/2424-27-0x0000000002F40000-0x0000000002FFB000-memory.dmp

Filesize
748KB

Download
memory/2424-76-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2424-79-0x000000000EC60000-0x000000000ECF8000-memory.dmp

Filesize
608KB

Download