59b76dacc1bbd8f36117846b5baaf44fc08016b5d885e5be221d5c97dee3fd3b

Analysis

max time kernel
143s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 17:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

498f87dcaab20a8c0319a220e98be2ad.exe
Size

385KB
MD5

498f87dcaab20a8c0319a220e98be2ad
SHA1

a336357014934a866cc668698ab36ca44139d29e
SHA256

59b76dacc1bbd8f36117846b5baaf44fc08016b5d885e5be221d5c97dee3fd3b
SHA512

d1d1e9708b14aa311706f9c37534781a942bda67443049dc6eafa91beeb0acbb8571847de6d8bf73585635c6b9776d57936c3a8351defb11bd8004c21eeb49b6
SSDEEP

12288:jtQVIdw/wZGuT/n7mk9pQwpwKer0yCvi/sddKFB:jWVIC/wJ7fQuwMDvOsddwB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3260	498f87dcaab20a8c0319a220e98be2ad.exe

Executes dropped EXE 1 IoCs

pid	Process
3260	498f87dcaab20a8c0319a220e98be2ad.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1968	498f87dcaab20a8c0319a220e98be2ad.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1968	498f87dcaab20a8c0319a220e98be2ad.exe
3260	498f87dcaab20a8c0319a220e98be2ad.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3260	1968	498f87dcaab20a8c0319a220e98be2ad.exe	94
PID 1968 wrote to memory of 3260	1968	498f87dcaab20a8c0319a220e98be2ad.exe	94
PID 1968 wrote to memory of 3260	1968	498f87dcaab20a8c0319a220e98be2ad.exe	94

C:\Users\Admin\AppData\Local\Temp\498f87dcaab20a8c0319a220e98be2ad.exe
"C:\Users\Admin\AppData\Local\Temp\498f87dcaab20a8c0319a220e98be2ad.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\498f87dcaab20a8c0319a220e98be2ad.exe
  C:\Users\Admin\AppData\Local\Temp\498f87dcaab20a8c0319a220e98be2ad.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\498f87dcaab20a8c0319a220e98be2ad.exe

Filesize
385KB

MD5
6053fe288c56149c0e3538747b36c186

SHA1
7aa7a29b2a5f0a47b01d458298d7f77eccbd6c19

SHA256
f40fff9a553a2db172055eccf133c5188fa0c44443341f98bea44762aad0e822

SHA512
c26512e4ad9820faccc30142bf5265fd15aaac7a645089e9fe8fbde3cf00aa1b58403429bcaaf6285c054f2e60523ac6cf15ec3c330c796d800863c46bca6202

Download Submit
memory/1968-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1968-1-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/1968-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1968-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3260-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3260-15-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/3260-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3260-20-0x0000000004EE0000-0x0000000004F3F000-memory.dmp

Filesize
380KB

Download
memory/3260-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3260-31-0x000000000C640000-0x000000000C67C000-memory.dmp

Filesize
240KB

Download
memory/3260-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download