Analysis
max time kernel: 120s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/01/2024, 03:42
Static task: static1
Behavioral task: behavioral1
Sample: 4a58b278ebdd160721a1b09e0106bf6b.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4a58b278ebdd160721a1b09e0106bf6b.exe
Resource: win10v2004-20231222-en
General
Target: 4a58b278ebdd160721a1b09e0106bf6b.exe
Size: 1.9MB
MD5: 4a58b278ebdd160721a1b09e0106bf6b
SHA1: 5ba9f243dca1faa77c59ee0b1f6171239d69040a
SHA256: 87b238d626db6641bab27b227c56c356ddbdab10e18d8a4d14f1e4d238edd146
SHA512: 74792beacc1b4da4c2fcc2614ee47e624e8c8e44f2c5789eae656dbb2ca3431883e6c97249cfd7565f80c4c86af95674f1e89e80f8fddf5708e678aed66c5fb1
SSDEEP: 24576:N2oo60HPdt+1CRiY2eOBvcj3u10dfzNwDsbix6OxY8b1huRBXoeRrY2KUNih9WfH:Qoa1taC070dLNN7EY87Sa2KU4j/dXm
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2412, process 7F0F.tmp
- Executes dropped EXE (1 IoC)
  pid 2412, process 7F0F.tmp
- Loads dropped DLL (1 IoC)
  pid 2452, process 4a58b278ebdd160721a1b09e0106bf6b.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2452 (4a58b278ebdd160721a1b09e0106bf6b.exe) wrote to memory of PID 2412, procid_target 28; four identical entries
Processes
1. C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe"
   PID: 2452
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\7F0F.tmp (child of PID 2452)
      command line: "C:\Users\Admin\AppData\Local\Temp\7F0F.tmp" --splash C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe 8F35A75A1D078941A41BEBB82A4412345DDBE26F7D6050DDC25EB1B7CB1C33965F50B425E1DF235AFF16BA36C23A152671B014083A11598D82CA0806941C8FCC
      PID: 2412
      - Deletes itself
      - Executes dropped EXE
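The process tree above shows the behaviour a detection would key on: an executable in the user's Temp directory spawns a .tmp file it dropped there, hands the child its own path on the command line together with a long hex argument, writes into the child's memory, and the child then deletes the original. The following Python is an added example, not part of this report or of the sandbox's own signature logic. The Process and MemoryWrite records and the rule names are assumptions of the example; the sample events are constructed from the PIDs, paths and command lines listed in the tree above, so the block runs offline.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Process:
    """One process-start record (hypothetical schema, not the sandbox's)."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


@dataclass(frozen=True)
class MemoryWrite:
    """One cross-process WriteProcessMemory record (hypothetical schema)."""
    src_pid: int
    dst_pid: int


TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
HEX_TOKEN_RE = re.compile(r"^[0-9A-Fa-f]{64,}$")
EXEC_EXTENSIONS = {".exe", ".com", ".scr"}

# Constructed from the process tree in the report above (PIDs, paths and
# command lines as listed there); the hex argument is copied verbatim.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe"
DROPPED_TMP = r"C:\Users\Admin\AppData\Local\Temp\7F0F.tmp"
HEX_ARG = ("8F35A75A1D078941A41BEBB82A4412345DDBE26F7D6050DDC25EB1B7CB1C3396"
           "5F50B425E1DF235AFF16BA36C23A152671B014083A11598D82CA0806941C8FCC")

PROCESSES = [
    Process(2452, None, SAMPLE_EXE, f'"{SAMPLE_EXE}"'),
    Process(2412, 2452, DROPPED_TMP, f'"{DROPPED_TMP}" --splash {SAMPLE_EXE} {HEX_ARG}'),
]
# The report lists four identical WriteProcessMemory IoCs from 2452 to 2412.
MEMORY_WRITES = [MemoryWrite(2452, 2412)] * 4


def split_args(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def in_temp(path: str) -> bool:
    return bool(TEMP_DIR_RE.search(path))


def analyze(processes: List[Process], writes: List[MemoryWrite]) -> Dict[int, List[str]]:
    """Return, per child PID, the rule names that fired for that parent/child pair."""
    by_pid = {p.pid: p for p in processes}
    write_count: Dict[Tuple[int, int], int] = {}
    for w in writes:
        key = (w.src_pid, w.dst_pid)
        write_count[key] = write_count.get(key, 0) + 1

    findings: Dict[int, List[str]] = {}
    for child in processes:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        hits = []
        # Both images live in the user's Temp directory: a dropper running what it dropped.
        if in_temp(parent.image) and in_temp(child.image):
            hits.append("dropped_temp_exec")
        # A .tmp (or other non-executable extension) being run as a process.
        if ntpath.splitext(child.image)[1].lower() not in EXEC_EXTENSIONS:
            hits.append("non_exe_extension")
        args = split_args(child.cmdline)[1:]
        # The child is handed the parent's own path, the handoff that precedes self-deletion.
        if any(a.lower() == parent.image.lower() for a in args):
            hits.append("parent_path_in_args")
        # A long opaque hex argument (the report does not establish what it encodes).
        if any(HEX_TOKEN_RE.match(a) for a in args):
            hits.append("hex_token_arg")
        # The parent wrote into the child's address space.
        if write_count.get((parent.pid, child.pid), 0):
            hits.append("cross_process_write")
        if hits:
            findings[child.pid] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in analyze(PROCESSES, MEMORY_WRITES).items():
        print(pid, ", ".join(hits))
```

Each rule alone is noisy (installers and updaters also run from Temp and pass paths to a helper); the value is in requiring several of them to fire on the same parent/child pair, which is what the report's tree satisfies.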
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.9MB
MD5: d160017e8302eb50fef9aea0b5e75f04
SHA1: 01a87d078985e2ae76f609019391fdecb264a293
SHA256: a953401a173baac051e42b922cca81a877b3ff121e316a52570c0bbd86d3c1e7
SHA512: b8c7914fcef34371eadaa386f4249ec116f8b9ce5dcee60f34564c06f547823d5c77fdda79f40b1a19d2986c6668580048edfbb49bd1df1bce2c9d3ea601ab40