Analysis
-
max time kernel
122s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
10/01/2024, 02:25
General
-
Target
4f54cfa24b92174065569c5730da549d.exe
-
Size
1000KB
-
MD5
4f54cfa24b92174065569c5730da549d
-
SHA1
c70f65a0b97c6a6bc342d8bb826e5bcdd351ff73
-
SHA256
2bc781fc7483d87492fc10c7e45d9098456724238a52b9eb0bc685225c1dbe4c
-
SHA512
b2d3922f597f13849c2fb72c9442190d19dd5638f86b1638190966f0aa360ba101b31a5fa018c85ba409a1afb970a0e1179aede6b8263da92fe160a3e19c43d6
-
SSDEEP
12288:Ot8dvr0hf8HYcj2Onf4nZ0vEXriBECaBwQ2tb5JLrnylUPqt0gHDS7eyod:OedKf8HYSREXd1B+5vMiqt0gj2ed
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f54cfa24b92174065569c5730da549d.exe"C:\Users\Admin\AppData\Local\Temp\4f54cfa24b92174065569c5730da549d.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4f54cfa24b92174065569c5730da549d.exeC:\Users\Admin\AppData\Local\Temp\4f54cfa24b92174065569c5730da549d.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\4f54cfa24b92174065569c5730da549d.exe" /TN Google_Trk_Updater /F3⤵
- Creates scheduled task(s)
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD5b878ee2e55dd62ccda0fe267bb76d3b5
SHA18128140a8193f5aef12d24a375dbbec82ff9a1b3
SHA25601083e58b5eefe4217adc0759f419fc3cebe9c5cc400ab047c3781dcd1854382
SHA512e036c59f8feb20accb16af217f9dc3b87b7cb5ad1d0cbe20bb671fc740a0afde5f1eba6a8de999f0f31074c7662f63d72f44b81bb7bed57c079599c31a53ee68
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
101KB
MD586671454b6ccbafc4886b5e051cf0154
SHA15775e4122a3f404a4f6958017410d41310e6799d
SHA2566d5cace22b34844b2541a8570974856bb9afd1e2d2eef69bc7cd41783fe2f74c
SHA5120235eb0a901c20380ed2d50d7f32cdbb9d6675c896acad6cff94d42dfc50231021dedfe88f77e4d090a4e62c232df8ecd0a396de9c1c9f43b54d4a80e9e2802a
-
Filesize
188KB
MD52bf4106b1e30bfca29a641692e2e964f
SHA1ad5029d06032a451def554f2db7639f4572dfc98
SHA256a3ee6c9c2b1920deed1461c1a073d8b35bb02be78530bd8471fdc1675024fc82
SHA5127f40b2fabdf9d887212ecbad011391d4c4a961bbd748323f46159b9e23ff49f6e8a5f2319327f19c5be8896151a34530ac71f7472367c8e9536e3284c27f03dd
-
Filesize
524KB
-
Filesize
504KB
-
Filesize
524KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
504KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
504KB