Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/01/2024, 03:43
Behavioral task behavioral1
- Sample: 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- Resource: win7-20231215-en
- 7 signatures
- 150 seconds

Behavioral task behavioral2
- Sample: 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- Resource: win10v2004-20231215-en
- 6 signatures
- 150 seconds
General
- Target: 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- Size: 5.8MB
- MD5: 4a58fe4b13e88ac6f544dd335ee41c8f
- SHA1: 44ca2037773df85a65a419041f7a5e2d1a1e04f3
- SHA256: 1d78620379dd7ca10686091c5e04f231be004e18d0051d46d52aaff1dcc07170
- SHA512: 7b57d8c7033fd6b1d7a3eee3c268e856b49d2649ad5c02f4bfb9ce1bb2fb5922ccdc9441d6ea99dd35c458b2f32f0b7db03e49b92250c52f05bd7de023969f3f
- SSDEEP: 98304:MgxG/NW2fRzgZwt1gg3gnl/IVUs1jePsczwpf24pD6qaFWWOBrgg3gnl/IVUs1jl:i82Ckgl/iBiPvA2qyWWYgl/iBiP
- Score: 7/10
Malware Config
Signatures
(The six signatures below are from behavioral2, the win10v2004-20231215-en run; the memory-dump IoCs are tagged behavioral2 accordingly. The seven signatures of the win7-20231215-en run are not included on this page.)
- Deletes itself (1 IoC)
  pid 2464, process 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- Executes dropped EXE (1 IoC)
  pid 2464, process 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- UPX packed file (yara rule upx matched in memory; 2 IoCs)
  behavioral2/memory/4348-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral2/memory/2464-13-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 4348, process 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4348, process 4a58fe4b13e88ac6f544dd335ee41c8f.exe
  pid 2464, process 4a58fe4b13e88ac6f544dd335ee41c8f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4348 wrote to memory of 2464 (pid 4348, process 4a58fe4b13e88ac6f544dd335ee41c8f.exe, procid_target 22), recorded three times
Processes
1. C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe"
   PID: 4348
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe (child of PID 4348)
      Command line: C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe
      PID: 2464
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
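The process tree and signatures above describe one chain: the original process (PID 4348) renames its own image, a new executable appears at the original path and is launched as a child (PID 2464, "Executes dropped EXE"), the parent writes into the child's memory three times, and the child deletes the renamed original ("Deletes itself"). The following detector, an added example that is not part of the Triage report or its output format, shows how to flag that self-rename / relaunch / self-delete pattern in a stream of endpoint process and file events. The event records are constructed to mirror the report's PIDs and image path; the renamed file name (`.bak`), the file-write event, the grandparent PID and the event schema itself are assumptions, not data from the page.

```python
"""Flag a process that renames its own image, drops a replacement at the
original path, relaunches from it, and has the child delete the original.

Added example, not Triage's own code. The event schema and the EVENTS list
are constructed for illustration; only the image path and PIDs 4348/2464
come from the report.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\4a58fe4b13e88ac6f544dd335ee41c8f.exe"

# Constructed event stream (assumed schema: seq, kind, pid, kind-specific fields).
EVENTS = [
    {"seq": 0, "kind": "process_create", "pid": 4348, "ppid": 1234, "image": SAMPLE},  # ppid assumed
    {"seq": 1, "kind": "file_rename", "pid": 4348, "src": SAMPLE, "dst": SAMPLE + ".bak"},  # new name assumed
    {"seq": 2, "kind": "file_write", "pid": 4348, "path": SAMPLE},  # assumed: drop at original path
    {"seq": 3, "kind": "process_create", "pid": 2464, "ppid": 4348, "image": SAMPLE},
    {"seq": 4, "kind": "process_write", "pid": 4348, "target_pid": 2464},
    {"seq": 5, "kind": "process_write", "pid": 4348, "target_pid": 2464},
    {"seq": 6, "kind": "process_write", "pid": 4348, "target_pid": 2464},
    {"seq": 7, "kind": "file_delete", "pid": 2464, "path": SAMPLE + ".bak"},
]


@dataclass
class Finding:
    parent_pid: int
    child_pid: int
    image: str
    renamed_to: str
    writes_to_child: int
    child_deleted_original: bool


def find_self_relaunch(events: List[dict]) -> List[Finding]:
    """Return one Finding per child process whose parent (a) renamed its own
    image file, (b) wrote a file back at its original image path, and (c)
    spawned the child from that same path. The finding also records how many
    parent-to-child memory writes occurred and whether the child deleted the
    renamed original (the "Deletes itself" step)."""
    ordered = sorted(events, key=lambda e: e["seq"])
    image_of: Dict[int, str] = {}   # pid -> image path at creation
    renamed: Dict[int, str] = {}    # pid -> where it moved its own image
    rewritten: Set[int] = set()     # pids that wrote a file at their own image path
    findings: List[Finding] = []

    for e in ordered:
        kind = e["kind"]
        if kind == "process_create":
            image_of[e["pid"]] = e["image"]
            parent = e["ppid"]
            if (parent in renamed and parent in rewritten
                    and image_of.get(parent) == e["image"]):
                # Look ahead for the rest of the chain: cross-process writes
                # from the parent and deletion of the renamed original.
                writes = sum(1 for w in ordered if w["kind"] == "process_write"
                             and w["pid"] == parent and w["target_pid"] == e["pid"])
                deleted = any(d["kind"] == "file_delete" and d["pid"] == e["pid"]
                              and d["path"] == renamed[parent] for d in ordered)
                findings.append(Finding(parent, e["pid"], e["image"],
                                        renamed[parent], writes, deleted))
        elif kind == "file_rename" and e["src"] == image_of.get(e["pid"]):
            renamed[e["pid"]] = e["dst"]
        elif kind == "file_write" and e["path"] == image_of.get(e["pid"]):
            rewritten.add(e["pid"])
    return findings


if __name__ == "__main__":
    for f in find_self_relaunch(EVENTS):
        print(f)
```

The detector deliberately requires all three conditions (rename of own image, re-creation at the original path, child launched from that path) before emitting a finding, since a plain parent-child pair with the same image path is common for legitimate updaters and self-elevating installers; the memory-write count and the delete of the renamed original are reported as supporting context rather than used as gates.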