7c57c242d8fb1376bcc97b83493965c2677664e0b0eaee5d048acbf329d84d3e

Analysis

max time kernel
9s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 17:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

417d8f50a774226b55b9fa64ff9be4d9.exe
Size

385KB
MD5

417d8f50a774226b55b9fa64ff9be4d9
SHA1

4dd19f5bbbb4418a7c4b68f301941924ab317a4c
SHA256

7c57c242d8fb1376bcc97b83493965c2677664e0b0eaee5d048acbf329d84d3e
SHA512

60aa4fef9de75e66e14bf03cc3a165fd36e8088c519aa63ebf07b99f373ae76dd0e74b83b97249e43bc951aa0d00653836bec84632e69c5b272e5245ab12687b
SSDEEP

6144:r5ceGlFl6P3HUqLVwna+d+L0TUq6rY0H9iy/2Q8ejB:r6eGl6P30E8a+00TR6rYa9iyh8ejB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2924	417d8f50a774226b55b9fa64ff9be4d9.exe

Executes dropped EXE 1 IoCs

pid	Process
2924	417d8f50a774226b55b9fa64ff9be4d9.exe

Loads dropped DLL 1 IoCs

pid	Process
2976	417d8f50a774226b55b9fa64ff9be4d9.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2976	417d8f50a774226b55b9fa64ff9be4d9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2976	417d8f50a774226b55b9fa64ff9be4d9.exe
2924	417d8f50a774226b55b9fa64ff9be4d9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2924	2976	417d8f50a774226b55b9fa64ff9be4d9.exe	14
PID 2976 wrote to memory of 2924	2976	417d8f50a774226b55b9fa64ff9be4d9.exe	14
PID 2976 wrote to memory of 2924	2976	417d8f50a774226b55b9fa64ff9be4d9.exe	14
PID 2976 wrote to memory of 2924	2976	417d8f50a774226b55b9fa64ff9be4d9.exe	14

C:\Users\Admin\AppData\Local\Temp\417d8f50a774226b55b9fa64ff9be4d9.exe
C:\Users\Admin\AppData\Local\Temp\417d8f50a774226b55b9fa64ff9be4d9.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2924

C:\Users\Admin\AppData\Local\Temp\417d8f50a774226b55b9fa64ff9be4d9.exe
"C:\Users\Admin\AppData\Local\Temp\417d8f50a774226b55b9fa64ff9be4d9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\417d8f50a774226b55b9fa64ff9be4d9.exe

Filesize
11KB

MD5
b03493ba47943e61afc3ea4dc2f26afc

SHA1
94d8600509a8166e2754176266cbd1a0c441cdc4

SHA256
5bc05a1f24fbb7e26a79f49edd6053277f3725c9e7ffcc7d9f9974626cdbdfa9

SHA512
14174a49914ae55366f93796b4f95bd90615f39b225676c44758d163293ed649a3422559b9209a76edb27d3f6723c5b8b227a915273bc86e928b100bac34497a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E62.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E75.tmp

Filesize
12KB

MD5
248e2477cef276d9cec1abb3a3076ca6

SHA1
b84f4d944ecafe0e0221220b7d776ded25375cea

SHA256
91419c5e5ed5b16ecd17ca859245797962764095ef232b0943c0cf2dc2f16b89

SHA512
efbcd48034c4ecdcae393d4360ffb60d9d04c1d3aad7e287b5d422fd200277eea0bc94eabf108bd6ae1240264f94d81a406f660c477249d512aa7af5ed9e6c0b

Download Submit
\Users\Admin\AppData\Local\Temp\417d8f50a774226b55b9fa64ff9be4d9.exe

Filesize
52KB

MD5
0a720ab91caee4132ae51b2d4368f0dd

SHA1
49f36e4399f6eb6e55c871ba6f7fd10bddbef09c

SHA256
800cf49a8ba87c6331813b3f8e723150a9a8e37348e85b27f95ceb7a58b48f25

SHA512
0e67019dfe5ccc9aba33a5a561c1636c8172ada49261aa67e52e3bd25d68c90de358e28684d892e6b222b2b50656d98e4863c32ec8191641f0a0be9a82974289

Download Submit
memory/2924-28-0x0000000001470000-0x00000000014CF000-memory.dmp

Filesize
380KB

Download
memory/2924-19-0x0000000000220000-0x0000000000286000-memory.dmp

Filesize
408KB

Download
memory/2924-23-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2924-17-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2924-83-0x000000000DC60000-0x000000000DC9C000-memory.dmp

Filesize
240KB

Download
memory/2924-82-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2924-77-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2976-15-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/2976-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2976-13-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2976-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2976-2-0x0000000000210000-0x0000000000276000-memory.dmp

Filesize
408KB

Download