Analysis
- max time kernel: 143s
- max time network: 185s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/01/2024, 01:42
Static task: static1
Behavioral task: behavioral1
- Sample: 4271e0db6d02b5445fd2171f1193a273.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 4271e0db6d02b5445fd2171f1193a273.exe
- Resource: win10v2004-20231215-en
General
- Target: 4271e0db6d02b5445fd2171f1193a273.exe
- Size: 771KB
- MD5: 4271e0db6d02b5445fd2171f1193a273
- SHA1: b53b69b335a9daffd0aa4ad3abb9c53661072cb4
- SHA256: 5d0cf221808309858ffcb9595b3fd9791d66c012b65438b2615d31b962d8120e
- SHA512: 4f9134cfa2ae8967b46ed496b41e02f100e83ea596e94fd9bc9b426cda530dc71f153621f8f0c531b1546247069bc853f53ca92e8e41291c79326a92a2c1d983
- SSDEEP: 12288:mcWQlL5JSFKfxAwkzl3ijwDK0NS8zb10VHmDXTuFaa2AtyGTKOF25ZoJJyhRge8V:TWSJM0Awc9e8zb10hJaothZ2/T6FBBB
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2324, process 4271e0db6d02b5445fd2171f1193a273.exe
- Executes dropped EXE (1 IoCs)
  pid 2324, process 4271e0db6d02b5445fd2171f1193a273.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4632, process 4271e0db6d02b5445fd2171f1193a273.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4632, process 4271e0db6d02b5445fd2171f1193a273.exe
  pid 2324, process 4271e0db6d02b5445fd2171f1193a273.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4632 wrote to memory of 2324 (process 4271e0db6d02b5445fd2171f1193a273.exe, procid_target 90)
  PID 4632 wrote to memory of 2324 (process 4271e0db6d02b5445fd2171f1193a273.exe, procid_target 90)
  PID 4632 wrote to memory of 2324 (process 4271e0db6d02b5445fd2171f1193a273.exe, procid_target 90)
Processes
- C:\Users\Admin\AppData\Local\Temp\4271e0db6d02b5445fd2171f1193a273.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4271e0db6d02b5445fd2171f1193a273.exe"
  PID: 4632
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\4271e0db6d02b5445fd2171f1193a273.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\4271e0db6d02b5445fd2171f1193a273.exe
    PID: 2324
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 771KB
- MD5: 46da36ed29a1756bc23e82bca7f26dad
- SHA1: ba10cc0d2eacd951b39139b6f277e4beed52a4de
- SHA256: 4c4016b800862d626efb09548b9483b662d1307078b2379c2c6803a458e754bd
- SHA512: 5603cc6df68b3c89877c7138774901725b908325bc9ebcd06d309135db62b0843b6fd2539d98abc68946c4e0c0943ccf0c710d946ba075cc401695f55868e6d2