Analysis
max time kernel: 142s
max time network: 174s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/01/2024, 01:29
Behavioral task: behavioral1
Sample: 47ac9c3df3f26bdf6e45a018617237a8.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 47ac9c3df3f26bdf6e45a018617237a8.exe
Resource: win10v2004-20231215-en
General
Target: 47ac9c3df3f26bdf6e45a018617237a8.exe
Size: 5.8MB
MD5: 47ac9c3df3f26bdf6e45a018617237a8
SHA1: 465095108b37f9b29a64ec334704f74009870c62
SHA256: b61d3f02d615b46f1911fb2cb2b2f32070f96a304aea95824da8ccf3ad5b3c49
SHA512: 65c750b689f673aea2287491bd2347da35cb400af2b95e3e19bd4fc4bf80faa7364960e4eac88ab1394930f0f4c7192677e8470b0f7fb6026f877a6f6c5a1d8e
SSDEEP: 98304:HRoQOK5/6udHgg3gnl/IVUs1jePsct6IRhuzngg3gnl/IVUs1jePs:HRoQ1/Dgl/iBiPTnsgl/iBiP
Malware Config
Signatures
Deletes itself 1 IoCs
  pid   Process
  4704  47ac9c3df3f26bdf6e45a018617237a8.exe
Executes dropped EXE 1 IoCs
  pid   Process
  4704  47ac9c3df3f26bdf6e45a018617237a8.exe
  resource                                                                     yara_rule
  behavioral2/memory/3860-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/files/0x0009000000022480-11.dat                                  upx
  behavioral2/memory/4704-14-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
Suspicious behavior: RenamesItself 1 IoCs
  pid   Process
  3860  47ac9c3df3f26bdf6e45a018617237a8.exe
Suspicious use of UnmapMainImage 2 IoCs
  pid   Process
  3860  47ac9c3df3f26bdf6e45a018617237a8.exe
  4704  47ac9c3df3f26bdf6e45a018617237a8.exe
Suspicious use of WriteProcessMemory 3 IoCs
  description                       pid   Process                               procid_target
  PID 3860 wrote to memory of 4704  3860  47ac9c3df3f26bdf6e45a018617237a8.exe  90
  PID 3860 wrote to memory of 4704  3860  47ac9c3df3f26bdf6e45a018617237a8.exe  90
  PID 3860 wrote to memory of 4704  3860  47ac9c3df3f26bdf6e45a018617237a8.exe  90
Processes
C:\Users\Admin\AppData\Local\Temp\47ac9c3df3f26bdf6e45a018617237a8.exe
"C:\Users\Admin\AppData\Local\Temp\47ac9c3df3f26bdf6e45a018617237a8.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 3860
    C:\Users\Admin\AppData\Local\Temp\47ac9c3df3f26bdf6e45a018617237a8.exe
    C:\Users\Admin\AppData\Local\Temp\47ac9c3df3f26bdf6e45a018617237a8.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 4704
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.3MB
MD5: 415cc0a450a2ee026d00cf6c73e81953
SHA1: 50414f5f65f8c2a4c0680d3202dff88947b86da5
SHA256: 170fff89e02fe4029c7d3bfc78a08134d1db087bc44964d346c6a65a5968dd4a
SHA512: 0dfa6b5c2d86c8773efc32f9a48c0042861a173fe86ded16eebda0c291fa63b7e9f6d3c134bf8e7228699cc2124dc6ef96d4c5070d897a6460d77e8bbdae166c