Analysis
max time kernel: 123s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/01/2024, 13:33
Static task: static1
Behavioral task: behavioral1
  Sample: 4b92ebaedad8cf777c9bcf973b6c2dca.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4b92ebaedad8cf777c9bcf973b6c2dca.exe
  Resource: win10v2004-20231215-en
General
Target: 4b92ebaedad8cf777c9bcf973b6c2dca.exe
Size: 385KB
MD5: 4b92ebaedad8cf777c9bcf973b6c2dca
SHA1: 935770b763263e94c2b13d900e64c88f41086566
SHA256: dd6b0b11044ddbf022fcc5f36ab2574e43ceebad3c255d23e85a3ea831c54f89
SHA512: b008d0f11f1944debeb58b428ada92a2f409f8d8391571947aad9218b172d8be68214e22a58112aeb2e1df75cc6bab472858822bc42530d36de3403cd773a1b2
SSDEEP: 6144:44Kpr3WVVSFGY3wigyqZcnyULHht5TXJVmGoDmyGejvYTJkppKbhctM4SuIphsMI:44KxGQGCySn9tboTrNpwcnSuQC2cB
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 1212, process 4b92ebaedad8cf777c9bcf973b6c2dca.exe
- Executes dropped EXE (1 IoCs)
  pid 1212, process 4b92ebaedad8cf777c9bcf973b6c2dca.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 640, process 4b92ebaedad8cf777c9bcf973b6c2dca.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 640, process 4b92ebaedad8cf777c9bcf973b6c2dca.exe
  pid 1212, process 4b92ebaedad8cf777c9bcf973b6c2dca.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 640 wrote to memory of 1212; pid 640; process 4b92ebaedad8cf777c9bcf973b6c2dca.exe; procid_target 91
  description: PID 640 wrote to memory of 1212; pid 640; process 4b92ebaedad8cf777c9bcf973b6c2dca.exe; procid_target 91
  description: PID 640 wrote to memory of 1212; pid 640; process 4b92ebaedad8cf777c9bcf973b6c2dca.exe; procid_target 91
Processes
1. C:\Users\Admin\AppData\Local\Temp\4b92ebaedad8cf777c9bcf973b6c2dca.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4b92ebaedad8cf777c9bcf973b6c2dca.exe"
   PID: 640
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\4b92ebaedad8cf777c9bcf973b6c2dca.exe (child of PID 640)
   Command line: C:\Users\Admin\AppData\Local\Temp\4b92ebaedad8cf777c9bcf973b6c2dca.exe
   PID: 1212
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 57KB
  MD5: c637b83e122a3609ee0941d14ae03428
  SHA1: 62f1f84366d7e4a7dfa2f826b84b22050d6c0834
  SHA256: a89eea04cabf763896c4f025bdb4b1e8b492ae68fb4b4cde2aab9905a5de3275
  SHA512: 382bcecde3174861612251184253ff9a9171c7260c415327a4d8af44be69dde24b96d898926c399e42b88784c260c96e410876ef3d245b9098501d611592bbbf