Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 08/01/2024, 03:42
Static task: static1
Behavioral task: behavioral1
- Sample: 4a588e938d447df4d0cd9b26d791a724.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 4a588e938d447df4d0cd9b26d791a724.exe
- Resource: win10v2004-20231222-en
General
- Target: 4a588e938d447df4d0cd9b26d791a724.exe
- Size: 1.9MB
- MD5: 4a588e938d447df4d0cd9b26d791a724
- SHA1: 20aea6284729fd9680be5b944ab8cb9f3a4c70f2
- SHA256: b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3
- SHA512: 6505878f8f1996df5e5f8d6d9f7d250df934d40119fac25a40095ab5cde24817aa5f67ee3e224db12603a2e60441848145abd95bcfedd774d59713309bb3cbe9
- SSDEEP: 49152:Qoa1taC070dNtPltRVS9wChgsHX8N32Jvj57zvJO7a6:Qoa1taC0klTY9lisHJ5j57zxO3
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid | Process
  3048 | 657.tmp
- Executes dropped EXE (1 IoC)
  pid | Process
  3048 | 657.tmp
- Loads dropped DLL (1 IoC)
  pid | Process
  2932 | 4a588e938d447df4d0cd9b26d791a724.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2932 wrote to memory of 3048 | 2932 | 4a588e938d447df4d0cd9b26d791a724.exe | 28
  PID 2932 wrote to memory of 3048 | 2932 | 4a588e938d447df4d0cd9b26d791a724.exe | 28
  PID 2932 wrote to memory of 3048 | 2932 | 4a588e938d447df4d0cd9b26d791a724.exe | 28
  PID 2932 wrote to memory of 3048 | 2932 | 4a588e938d447df4d0cd9b26d791a724.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"
  PID: 2932
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\657.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\657.tmp" --splash C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe 291028087D210082831AC8395B90B70336249953F30C99D13D74C8D667E1F8421EA3F2ACE4047111CC2EE78B0D1798887AB979A5F89B4A5984FE13392E165FEA
    PID: 3048
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 45KB
  MD5: 09a766949cca2d2f1d2b0f7b9ccc42cd
  SHA1: 322ea38bbb8b44919a57d0832246d821aeafb5b7
  SHA256: bf1a650fdaa5cde20e4ae935c1ffcb66930b373edcfb19aee1b9c4d65d514a14
  SHA512: b35a3940e6435385bc97c6005e32803590feb2dbc1a0cb8458e0a61983be8dbfd3f4e0ef814aa0dcf704378ee7f09881e68b74e7bcee7c30aff7b8b7e49bca5a