Analysis
max time kernel: 150s
max time network: 162s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/01/2024, 20:06
Behavioral task: behavioral1
Sample: 41cafb2243de36687d783137f3324f64.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 41cafb2243de36687d783137f3324f64.exe
Resource: win10v2004-20231215-en
General
Target: 41cafb2243de36687d783137f3324f64.exe
Size: 1.5MB
MD5: 41cafb2243de36687d783137f3324f64
SHA1: f298ae4cdaffa491182d1f2bd7cf43666da2ee52
SHA256: e44f5026c931cd60087d943f52a6f2f88a6a0a224dad2ecfffdbdd017b4c4489
SHA512: 7d379b86d3820296528699b51db473dbdf0388e92f1412482255a3c619affd1d8eca770cee6fb52a4f545ee4022b6d0d2c5bc3400f118cacfcba768becc7188a
SSDEEP: 24576:oS0YdMLVvQL87v5KSreuhfg7ONFfuUd12HUL/A+1MIXyHKheY2cW:MYSxQL87B7ThC2zd1cUM4MIlx
Malware Config
Signatures

Deletes itself (1 IoC)
  pid: 1796, Process: 41cafb2243de36687d783137f3324f64.exe

Executes dropped EXE (1 IoC)
  pid: 1796, Process: 41cafb2243de36687d783137f3324f64.exe

yara_rule matches (3 IoCs)
  resource: behavioral2/memory/2212-0-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule: upx
  resource: behavioral2/files/0x000600000002320c-11.dat, yara_rule: upx
  resource: behavioral2/memory/1796-13-0x0000000000400000-0x00000000008EF000-memory.dmp, yara_rule: upx

Suspicious behavior: RenamesItself (1 IoC)
  pid: 2212, Process: 41cafb2243de36687d783137f3324f64.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2212, Process: 41cafb2243de36687d783137f3324f64.exe
  pid: 1796, Process: 41cafb2243de36687d783137f3324f64.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2212 wrote to memory of 1796, pid: 2212, Process: 41cafb2243de36687d783137f3324f64.exe, procid_target: 91
  description: PID 2212 wrote to memory of 1796, pid: 2212, Process: 41cafb2243de36687d783137f3324f64.exe, procid_target: 91
  description: PID 2212 wrote to memory of 1796, pid: 2212, Process: 41cafb2243de36687d783137f3324f64.exe, procid_target: 91
Processes

Depth 1: C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe"
  PID: 2212
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  Depth 2: C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\41cafb2243de36687d783137f3324f64.exe
    PID: 1796
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 174KB
MD5: d304ceb4ff2c42b880eeefa50b247f3d
SHA1: 293fddb9c6e03f253f5635cc49c45450d1e322fc
SHA256: fd0d3bbfca3f8b654eb560e1f520c93b5dc2512fc8f2ebe0ee3a999b2c8d8868
SHA512: d99936a5113d5366f0340d0dbf62fc9eb63a6977acba3e2ffc633ad0a2f0f595ee2da234de69a3e2667db7f6f01e0c9abe7b90f9af8cc012bb38f0b8f6c61d6a