05f61b41bc86a62a061b181c8d0c94268fa74ff7062f57d17b1ff68c4cf878f9

Analysis

max time kernel
3s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43edc8b13f5dfd48fa0026f7d3dee56a.exe
Size

385KB
MD5

43edc8b13f5dfd48fa0026f7d3dee56a
SHA1

6565e1700a287e9542cd573103bdb52cd0d1ccd9
SHA256

05f61b41bc86a62a061b181c8d0c94268fa74ff7062f57d17b1ff68c4cf878f9
SHA512

a057a577a906df66c7d0e823f28d9a623498725fb01fd248cb3b9fdce5991bfd0dc8bfaa4df3ef08bc16ae8d57f99e835f68eee792f94104b38ac02835d24238
SSDEEP

12288:tiD9q/CZegntHG+2ck4iL+1RWHaY3GT7bFjiB:tDAeytmsk4a+mHaY3GPbFjiB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1456	43edc8b13f5dfd48fa0026f7d3dee56a.exe

Executes dropped EXE 1 IoCs

pid	Process
1456	43edc8b13f5dfd48fa0026f7d3dee56a.exe

Loads dropped DLL 1 IoCs

pid	Process
2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe
1456	43edc8b13f5dfd48fa0026f7d3dee56a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1456	2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe	17
PID 2104 wrote to memory of 1456	2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe	17
PID 2104 wrote to memory of 1456	2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe	17
PID 2104 wrote to memory of 1456	2104	43edc8b13f5dfd48fa0026f7d3dee56a.exe	17

C:\Users\Admin\AppData\Local\Temp\43edc8b13f5dfd48fa0026f7d3dee56a.exe
"C:\Users\Admin\AppData\Local\Temp\43edc8b13f5dfd48fa0026f7d3dee56a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\43edc8b13f5dfd48fa0026f7d3dee56a.exe
  C:\Users\Admin\AppData\Local\Temp\43edc8b13f5dfd48fa0026f7d3dee56a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\43edc8b13f5dfd48fa0026f7d3dee56a.exe

Filesize
53KB

MD5
cfce8568db3a09d9df27383500be00b7

SHA1
b10b550c6f6c382d680722ceffdace5e5f5f5b51

SHA256
34080c493a789df4b879a40f2aba926bce47a2d06ea1f08877457481eafa2dde

SHA512
2da386aa743361e3a98512f735019f99150d40b310cd14b884d98319e2d50a460c68266b9a4cfbeefb50956bc7a30cb7870f64c1dc42a3a346697fe5407d6269

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B28.tmp

Filesize
22KB

MD5
819a3aed8c97c0ee9f68c88b0f56deba

SHA1
8ab8fb994822ca2010e8f43f6d9c7c3b831ab395

SHA256
45bd363a0d8f62bcd3ab1c4f97bd1607e0bea72e408c767a5a072a3010c61e7e

SHA512
a6e47b0a76d8a237557bf1f01d86a61aed304112b11b53265de5eca5266f226bb56d6c8ec282bbae833ad5cf2b3124547606a4becb48464d2765e53eb6e19e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B3A.tmp

Filesize
72KB

MD5
47f93c9c921217d6d19fa1728799feac

SHA1
8cae7c7be4774256be4c23f5be513bb2e53daeb9

SHA256
86dcb497804512f1c13fd590c66a948a43e0e04ebe9225fb8e32f73d65936c3e

SHA512
17f3c81ca99e6bb37e8fe6f6604a36a58e3f62bbca0e4d5ebd3bf774b838715a5301035dfd2d6c3be32118fe15f5d0b0bb285907b24e17c7994fafcfb74b6772

Download Submit
\Users\Admin\AppData\Local\Temp\43edc8b13f5dfd48fa0026f7d3dee56a.exe

Filesize
92KB

MD5
3eed6b0266264dacc3aa60a0b1b0e2a1

SHA1
642e3bbbd5eaa8ac3984a321314e9288fa9642ea

SHA256
b6230106faafd0a72257154074c9e45ea6e6a555d98b1746f8fe199b9174cf00

SHA512
e6a9ba3ecfc26e3f1ea7dcc71a265ade24644161e38ae1e8c66342964b8fc738878f0ab20e0af6c8a541423fa50ec1545de0ede875a1a84da2c5b26dab9698bd

Download Submit
memory/1456-76-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1456-28-0x0000000001530000-0x000000000158F000-memory.dmp

Filesize
380KB

Download
memory/1456-22-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1456-17-0x0000000000360000-0x00000000003C6000-memory.dmp

Filesize
408KB

Download
memory/1456-81-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1456-82-0x0000000007580000-0x00000000075BC000-memory.dmp

Filesize
240KB

Download
memory/2104-15-0x00000000002D0000-0x0000000000336000-memory.dmp

Filesize
408KB

Download
memory/2104-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2104-14-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2104-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2104-2-0x0000000000190000-0x00000000001F6000-memory.dmp

Filesize
408KB

Download