8ac969299d7adcf5c8bf4f55938e632efce8cf99c1128eb73de16b838ba0d327

Analysis

max time kernel
120s
max time network
178s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f5349bfb263a3eaebb659ef6c85d903.exe
Size

1.6MB
MD5

4f5349bfb263a3eaebb659ef6c85d903
SHA1

c98dfe4f390fe9c130c9fc40e13c9a7875b5fd91
SHA256

8ac969299d7adcf5c8bf4f55938e632efce8cf99c1128eb73de16b838ba0d327
SHA512

16644b1bc78603c345e2db76f0b8347b8ab515c40230f54d877502e6235bab8e2fbd2e878bafc85442326b557787cc0e565b7c0608a8ea2b97f6726154d5db51
SSDEEP

49152:ApQTrKjXWVyj3lDgEeku52GyEyV7El/WyQ7U426tMc:Apkruj3JgEekuly7El/fQY42O

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2480	4f5349bfb263a3eaebb659ef6c85d903.exe

Executes dropped EXE 1 IoCs

pid	Process
2480	4f5349bfb263a3eaebb659ef6c85d903.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	4f5349bfb263a3eaebb659ef6c85d903.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2168	4f5349bfb263a3eaebb659ef6c85d903.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2168	4f5349bfb263a3eaebb659ef6c85d903.exe
2480	4f5349bfb263a3eaebb659ef6c85d903.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2480	2168	4f5349bfb263a3eaebb659ef6c85d903.exe	29
PID 2168 wrote to memory of 2480	2168	4f5349bfb263a3eaebb659ef6c85d903.exe	29
PID 2168 wrote to memory of 2480	2168	4f5349bfb263a3eaebb659ef6c85d903.exe	29
PID 2168 wrote to memory of 2480	2168	4f5349bfb263a3eaebb659ef6c85d903.exe	29

C:\Users\Admin\AppData\Local\Temp\4f5349bfb263a3eaebb659ef6c85d903.exe
"C:\Users\Admin\AppData\Local\Temp\4f5349bfb263a3eaebb659ef6c85d903.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\4f5349bfb263a3eaebb659ef6c85d903.exe
  C:\Users\Admin\AppData\Local\Temp\4f5349bfb263a3eaebb659ef6c85d903.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4f5349bfb263a3eaebb659ef6c85d903.exe

Filesize
64KB

MD5
d0d9c539488ff012051c256e7efe21b8

SHA1
2f7101020d86c60e3aebbb8aa928e9f1c68b9f29

SHA256
2623f08ee678c4ed22e68bf3db08188d85280abda1789ef0e9a4f3b7ac1f3d31

SHA512
820c2db3cc6ab3c5cad868997db2904bfc6b6a13cf791a5df6889be9167a33ce6d4eb86a0eb71c502025568fef242e1ba91c6266a2b74870920567ecf09a0aec

Download Submit
\Users\Admin\AppData\Local\Temp\4f5349bfb263a3eaebb659ef6c85d903.exe

Filesize
132KB

MD5
108b04cf50e79d5408246048fe6ff7de

SHA1
cd59f3669a8de35ed16037bf32e165b9d9b2668c

SHA256
5920769c76270189b32b3c818822931ae38ea80382f2ee451b2bb5c2b997d52c

SHA512
d0ac36d989838248a02e1d67f903f52916da8f260734dd86d1a6915e7c3d3bc47887004226feb916445c96ee6c9b85b98190068ab6268ffef7af4ffa6c23405d

Download Submit
memory/2168-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2168-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2168-3-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/2168-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2168-15-0x00000000039F0000-0x0000000003E67000-memory.dmp

Filesize
4.5MB

Download
memory/2480-17-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2480-16-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2480-22-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/2480-23-0x0000000003720000-0x000000000396D000-memory.dmp

Filesize
2.3MB

Download