Analysis

max time kernel: 148s
max time network: 102s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-01-2024 03:09
Static task: static1

Behavioral task: behavioral1
  Sample: 4d2ebb1bee548aa98b902e032d643390.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 4d2ebb1bee548aa98b902e032d643390.exe
  Resource: win10v2004-20231215-en
General

Target: 4d2ebb1bee548aa98b902e032d643390.exe
Size: 385KB
MD5: 4d2ebb1bee548aa98b902e032d643390
SHA1: 80ce5fcb9812f88eb32346b86f6806a90dfb2fce
SHA256: e29aa2156031ce038588fbd9282fb0a2ce839b9942abf91b577446332cbf2b93
SHA512: ba3d42562cb2d258ecf963b4a539b6ceea955696513ee7b2b1529f7df1a9cca69dc1056902e4f23ea7144acc873a2b9bc4c7d42f041bf30c6934138d7db41325
SSDEEP: 12288:H9zxiveq9qN60kG3oUnT1ds05Eq+qtLDESyIB:HVxnq9qrB3o8xtvyIB
Malware Config
Signatures

Deletes itself (1 IoC)
  pid   Process
  112   4d2ebb1bee548aa98b902e032d643390.exe

Executes dropped EXE (1 IoC)
  pid   Process
  112   4d2ebb1bee548aa98b902e032d643390.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP)

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  2168  4d2ebb1bee548aa98b902e032d643390.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2168  4d2ebb1bee548aa98b902e032d643390.exe
  112   4d2ebb1bee548aa98b902e032d643390.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                               procid_target
  PID 2168 wrote to memory of 112    2168  4d2ebb1bee548aa98b902e032d643390.exe  19
  PID 2168 wrote to memory of 112    2168  4d2ebb1bee548aa98b902e032d643390.exe  19
  PID 2168 wrote to memory of 112    2168  4d2ebb1bee548aa98b902e032d643390.exe  19
Processes

1. C:\Users\Admin\AppData\Local\Temp\4d2ebb1bee548aa98b902e032d643390.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\4d2ebb1bee548aa98b902e032d643390.exe"
   PID: 2168
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\4d2ebb1bee548aa98b902e032d643390.exe (child of PID 2168)
      command line: C:\Users\Admin\AppData\Local\Temp\4d2ebb1bee548aa98b902e032d643390.exe
      PID: 112
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
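The Signatures and Processes sections above record the same chain from two angles: PID 2168 renames itself and unmaps its own main image, writes three times into the memory of PID 112, and PID 112 is a dropped executable launched from the same path that also unmaps its main image and then deletes itself. The report does not name a technique or family, so correlating those IoCs into a single "self-replacing loader" finding is an analyst's reading, not a Triage rule. The script below is an added example (not part of the original report and not Triage's own code) that parses the flattened signature lines copied from this page, builds a per-PID view plus the WriteProcessMemory edges, and applies that heuristic; the parsing regexes, the signature names it keys on, and the two-reason threshold are this example's own assumptions.

```python
"""Correlate sandbox signature IoCs into a per-process view and flag the
parent-writes-into-same-image-child pattern seen in the report above.

Added example, not the sandbox vendor's code. REPORT_SIGNATURES is copied
from the Signatures section of the report; everything else is assumption.
"""
import re
from collections import defaultdict

# Copied from the report's Signatures section (flattened text form).
REPORT_SIGNATURES = """\
Deletes itself 1 IoCs
pid Process 112 4d2ebb1bee548aa98b902e032d643390.exe
Executes dropped EXE 1 IoCs
pid Process 112 4d2ebb1bee548aa98b902e032d643390.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2168 4d2ebb1bee548aa98b902e032d643390.exe
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2168 4d2ebb1bee548aa98b902e032d643390.exe 112 4d2ebb1bee548aa98b902e032d643390.exe
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2168 wrote to memory of 112 2168 4d2ebb1bee548aa98b902e032d643390.exe 19 PID 2168 wrote to memory of 112 2168 4d2ebb1bee548aa98b902e032d643390.exe 19 PID 2168 wrote to memory of 112 2168 4d2ebb1bee548aa98b902e032d643390.exe 19
"""

# Assumed line shapes: "<signature name> <n> IoCs|TTPs" headers, then
# "<pid> <image.exe>" pairs, and "PID <src> wrote to memory of <dst>" events.
SIG_HEADER = re.compile(r"^(?P<name>.+?) (?P<count>\d+) (?:IoCs|TTPs)$")
PID_IMAGE = re.compile(r"\b(?P<pid>\d+) (?P<image>\S+\.exe)\b")
WRITE_EVENT = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)")


def parse_signatures(text):
    """Return ({pid: {"image": str, "sigs": set}}, [(src_pid, dst_pid), ...]).

    Every process mentioned under a signature header gets that signature
    attached; WriteProcessMemory description lines also yield one edge per
    recorded write event (duplicates are kept: three IoCs means three writes).
    """
    procs = defaultdict(lambda: {"image": None, "sigs": set()})
    writes = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        header = SIG_HEADER.match(line)
        if header:
            current = header.group("name")
            continue
        if current is None:
            continue
        for pid, image in PID_IMAGE.findall(line):
            procs[int(pid)]["image"] = image
            procs[int(pid)]["sigs"].add(current)
        for src, dst in WRITE_EVENT.findall(line):
            writes.append((int(src), int(dst)))
    return dict(procs), writes


def self_replacing_loader(procs, writes):
    """Flag parent->child pairs where a process writes into a child that runs
    the same image, and the pair shows at least two supporting behaviours.
    Threshold and reason list are this example's heuristic, not a vendor rule."""
    findings = []
    for src, dst in sorted(set(writes)):
        parent, child = procs.get(src), procs.get(dst)
        if not parent or not child or parent["image"] != child["image"]:
            continue
        reasons = []
        if "Suspicious use of UnmapMainImage" in parent["sigs"]:
            reasons.append("parent unmaps its own main image")
        if "Suspicious behavior: RenamesItself" in parent["sigs"]:
            reasons.append("parent renames its own file")
        if "Executes dropped EXE" in child["sigs"]:
            reasons.append("child binary was dropped during the run")
        if "Deletes itself" in child["sigs"]:
            reasons.append("child deletes itself afterwards")
        if len(reasons) >= 2:
            findings.append({
                "parent": src, "child": dst, "image": parent["image"],
                "write_events": writes.count((src, dst)), "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    procs, writes = parse_signatures(REPORT_SIGNATURES)
    for f in self_replacing_loader(procs, writes):
        print(f"PID {f['parent']} -> PID {f['child']} ({f['image']}, "
              f"{f['write_events']} write events)")
        for reason in f["reasons"]:
            print("  -", reason)
```

On this report the script yields one finding, 2168 -> 112 with all four reasons and three write events. The same parser can be pointed at the signature text of other reports from the same sandbox; processes whose parent and child images differ are deliberately skipped, since the pattern of interest here is a process re-launching and overwriting a copy of itself rather than injecting into an unrelated host.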
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 50KB
MD5: 423c7fd76c4dfaf3b456edb897529244
SHA1: 0b91310c035b186fcd75d4bd675e79db5852805d
SHA256: 6c44912955af6bf328891625b2b9e79827cd6747c75a79f6a66e37a2f838ad3a
SHA512: 481d4c580514968f6a0b365248fb9bf7cf7c9f497d25244e5c1b7d4b37f658098cd24338ac6efb34f0fcb3729ce2835a02c2dd65592f33fe576e2ebe3e3407b1