bbedd553e7f3efba4bfb2ec184b28def8a7bed095ff42d45eb9081c1c8831671

Analysis

max time kernel
146s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44125b8833ab6c78b8fdc654808ef0a8.exe
Size

771KB
MD5

44125b8833ab6c78b8fdc654808ef0a8
SHA1

c0b86c6c3f534597bbbc15eb3c5cd7adf08b5382
SHA256

bbedd553e7f3efba4bfb2ec184b28def8a7bed095ff42d45eb9081c1c8831671
SHA512

8fe429aafe6f9a795a167c38c09d14c1822a48faad705f4d5c39162897a9993a42aa5dbc402784de9ae4dae11d98296695473f1885968996be79d0a1103bfa02
SSDEEP

24576:9V0Fw9ARwmHfKjZMb10hJaothZ2/T6FBBB:30Fw9swmHIZm/ofT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2020	44125b8833ab6c78b8fdc654808ef0a8.exe

Executes dropped EXE 1 IoCs

pid	Process
2020	44125b8833ab6c78b8fdc654808ef0a8.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
912	44125b8833ab6c78b8fdc654808ef0a8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
912	44125b8833ab6c78b8fdc654808ef0a8.exe
2020	44125b8833ab6c78b8fdc654808ef0a8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 2020	912	44125b8833ab6c78b8fdc654808ef0a8.exe	92
PID 912 wrote to memory of 2020	912	44125b8833ab6c78b8fdc654808ef0a8.exe	92
PID 912 wrote to memory of 2020	912	44125b8833ab6c78b8fdc654808ef0a8.exe	92

C:\Users\Admin\AppData\Local\Temp\44125b8833ab6c78b8fdc654808ef0a8.exe
"C:\Users\Admin\AppData\Local\Temp\44125b8833ab6c78b8fdc654808ef0a8.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Users\Admin\AppData\Local\Temp\44125b8833ab6c78b8fdc654808ef0a8.exe
  C:\Users\Admin\AppData\Local\Temp\44125b8833ab6c78b8fdc654808ef0a8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\44125b8833ab6c78b8fdc654808ef0a8.exe

Filesize
771KB

MD5
2e2c9e8f36e15858a41456976f8e796d

SHA1
110119c739c25a66d6f5c5f44d59209ca20ee391

SHA256
daabfa851bc5ce08108f8c83651ad960581ecd40562afc3c161445701b68738e

SHA512
30e24600d804e7c746eb2a0a1c88defec2cda0d5243f81818906880e69aa7dad481f7a2b8324a8ba609abe3bc876beaf20dc289bf140f90895411be0322cd4c1

Download Submit
memory/912-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/912-1-0x0000000000170000-0x00000000001D6000-memory.dmp

Filesize
408KB

Download
memory/912-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/912-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2020-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2020-14-0x0000000001610000-0x0000000001676000-memory.dmp

Filesize
408KB

Download
memory/2020-20-0x0000000004EE0000-0x0000000004F3F000-memory.dmp

Filesize
380KB

Download
memory/2020-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2020-33-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2020-36-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/2020-39-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download