Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/01/2024, 03:43
Behavioral task: behavioral1
Sample: 4a58fe4b13e88ac6f544dd335ee41c8f.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 4a58fe4b13e88ac6f544dd335ee41c8f.exe
Resource: win10v2004-20231215-en
General
Target: 4a58fe4b13e88ac6f544dd335ee41c8f.exe
Size: 5.8MB
MD5: 4a58fe4b13e88ac6f544dd335ee41c8f
SHA1: 44ca2037773df85a65a419041f7a5e2d1a1e04f3
SHA256: 1d78620379dd7ca10686091c5e04f231be004e18d0051d46d52aaff1dcc07170
SHA512: 7b57d8c7033fd6b1d7a3eee3c268e856b49d2649ad5c02f4bfb9ce1bb2fb5922ccdc9441d6ea99dd35c458b2f32f0b7db03e49b92250c52f05bd7de023969f3f
SSDEEP: 98304:MgxG/NW2fRzgZwt1gg3gnl/IVUs1jePsczwpf24pD6qaFWWOBrgg3gnl/IVUs1jl:i82Ckgl/iBiPvA2qyWWYgl/iBiP
Malware Config
Signatures
Deletes itself (1 IoC)
    pid   Process
    2668  4a58fe4b13e88ac6f544dd335ee41c8f.exe

Executes dropped EXE (1 IoC)
    pid   Process
    2668  4a58fe4b13e88ac6f544dd335ee41c8f.exe

Loads dropped DLL (1 IoC)
    pid   Process
    2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe

YARA rule matches
    resource                                                                      yara_rule
    behavioral1/memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
    behavioral1/files/0x000b00000001224f-15.dat                                   upx
    behavioral1/files/0x000b00000001224f-10.dat                                   upx

Suspicious behavior: RenamesItself (1 IoC)
    pid   Process
    2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe

Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe
    2668  4a58fe4b13e88ac6f544dd335ee41c8f.exe

Suspicious use of WriteProcessMemory (4 IoCs)
    description                       pid   Process                               procid_target
    PID 2052 wrote to memory of 2668  2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe  15
    PID 2052 wrote to memory of 2668  2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe  15
    PID 2052 wrote to memory of 2668  2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe  15
    PID 2052 wrote to memory of 2668  2052  4a58fe4b13e88ac6f544dd335ee41c8f.exe  15
Processes
1. C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 2052
   2. C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe (child of PID 2052)
      Command line: C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 2668
Network
MITRE ATT&CK Matrix
Downloads
Download 1
  Filesize: 3KB
  MD5: 8c72a7a3df6ad571ba0d30f1fc7630a6
  SHA1: 77d50be2e1850743a9558305e4766a9b969d78fe
  SHA256: 3ac21a98698313703acf85cd9c487ed091c078538730fd48179c7548e147902c
  SHA512: dd2b85ae9b602f416bfc3de6834584a3510c546a75dc0f57993f68eceb7b8121c7a3733bd75868d9e8072a66bf9b317748587a61267cc3a0e5324dd777e0d232

Download 2
  Filesize: 856KB
  MD5: aac525de92a06837c53cdc13b9d6a108
  SHA1: 0991b7a507c679f7a6a991d8e9fa5e09a9f57e60
  SHA256: 72bf6cddfe5702d9aad357cdc954d6d52af48924363eb99a1be58f43cfe17447
  SHA512: 0ed94e668b2fe50bab2d9155ac010d6efcb1221bfe8d64e7eb948796b35e3cbcdcb4375d2a6aadbf9a986ba41979818bb0d10fc74f0072efef22637addf202ed