Analysis
- max time kernel: 33s
- max time network: 161s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 06/01/2024, 09:39
Behavioral task: behavioral1
- Sample: 45e755057737c8be784120263eb87a2e.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 45e755057737c8be784120263eb87a2e.exe
- Resource: win10v2004-20231215-en
General
- Target: 45e755057737c8be784120263eb87a2e.exe
- Size: 1.3MB
- MD5: 45e755057737c8be784120263eb87a2e
- SHA1: dcb880ae29941813cfcbf2cea9addacbd5326c9f
- SHA256: f2993b781e08ecc4dc808673804a64049de45d57a5d0af6f173236badf31521d
- SHA512: 922ac5728360d55a8fcb0988720b1f1c8e217f1ac76fe464aca899e7ab200866325ff69598096fa9d6ef8dcfba236f45b544315c9e477c67eedf0c9f86cb6a01
- SSDEEP: 24576:jExhD3s867/n4RNXzl1HTSxW46VGRqemGrBEPs/uDfioddJdCZvG:j2hD336UNptTS76wqemXPwumo9A
Malware Config
Signatures
- Deletes itself (1 IoCs)
  - pid 2532, process 45e755057737c8be784120263eb87a2e.exe
- Executes dropped EXE (1 IoCs)
  - pid 2532, process 45e755057737c8be784120263eb87a2e.exe
- Loads dropped DLL (1 IoCs)
  - pid 2672, process 45e755057737c8be784120263eb87a2e.exe
- resource / yara_rule matches
  - behavioral1/memory/2672-0-0x0000000000400000-0x000000000086A000-memory.dmp: upx
  - behavioral1/files/0x000a000000012252-15.dat: upx
  - behavioral1/files/0x000a000000012252-11.dat: upx
- Suspicious behavior: RenamesItself (1 IoCs)
  - pid 2672, process 45e755057737c8be784120263eb87a2e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  - pid 2672, process 45e755057737c8be784120263eb87a2e.exe
  - pid 2532, process 45e755057737c8be784120263eb87a2e.exe
- Suspicious use of WriteProcessMemory (4 IoCs; all four entries are identical)
  - description: PID 2672 wrote to memory of 2532; pid 2672; process 45e755057737c8be784120263eb87a2e.exe; procid_target 24
Processes
- C:\Users\Admin\AppData\Local\Temp\45e755057737c8be784120263eb87a2e.exe "C:\Users\Admin\AppData\Local\Temp\45e755057737c8be784120263eb87a2e.exe" (depth 1)
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - PID: 2672
  - C:\Users\Admin\AppData\Local\Temp\45e755057737c8be784120263eb87a2e.exe C:\Users\Admin\AppData\Local\Temp\45e755057737c8be784120263eb87a2e.exe (depth 2, child of PID 2672)
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    - PID: 2532
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 260KB
  - MD5: 3f1d64d2bc56e0f629347bb1e0dd9333
  - SHA1: 7b257158df207c28e6333c2cfe217d08cbc294ce
  - SHA256: 91c2450bf3c725bd1d831bfdde96637a99097bec8837bafaaba65912491b7009
  - SHA512: e369a9379936bf79cda54999473798be8b970e9a7bc8c267e0a07772fe91dc5ab8764dd3de56755647ce2e6fce0719434de0feed19abcead6f7ca557df34367f
- Filesize: 228KB
  - MD5: 1f87c9627a888e06e8cb691f3db04662
  - SHA1: 4d8b8d8219e0cdc9ca7a9fa8f27d0483d01a62d0
  - SHA256: 473f286254e3833152493436fd8af3f6fe9af0185d52208efcf5586d7f5c3f0d
  - SHA512: a44a5898965dbcf89b065f484235a840227f1a310ba8d4fdb781da715aba429970b1aa07ef07c12ce62346971df00502b443c112fbfe372bd18e20d962c6509a