b31c97c558c0d95381b48505586f63932611ae579c91d697936d831f025f4fe7

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

525fa299b7518b873d27bd73ff228654.exe
Size

84KB
MD5

525fa299b7518b873d27bd73ff228654
SHA1

08e01bf5b6fbce3e6867069ed98de7c58c200e11
SHA256

b31c97c558c0d95381b48505586f63932611ae579c91d697936d831f025f4fe7
SHA512

bf70fb09cd41f84d71ed88cf55fa166e044734f2a8d7a0905a67a33b5a590a9cfe6c67eec69e75fd68e1caddf207bcd585af588f4111ae9d9e8e5cdba417a6f9
SSDEEP

1536:l1Sqo9I16esxOrR4KOEasFtF81zWLqGafeSCZ1VW2FU0ouYC12Du:l1SM1m6R4KzaMF8xcnNFU0nDsu

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3004	525fa299b7518b873d27bd73ff228654.exe

Executes dropped EXE 1 IoCs

pid	Process
3004	525fa299b7518b873d27bd73ff228654.exe

Loads dropped DLL 1 IoCs

pid	Process
2560	525fa299b7518b873d27bd73ff228654.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2560	525fa299b7518b873d27bd73ff228654.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2560	525fa299b7518b873d27bd73ff228654.exe
3004	525fa299b7518b873d27bd73ff228654.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 3004	2560	525fa299b7518b873d27bd73ff228654.exe	20
PID 2560 wrote to memory of 3004	2560	525fa299b7518b873d27bd73ff228654.exe	20
PID 2560 wrote to memory of 3004	2560	525fa299b7518b873d27bd73ff228654.exe	20
PID 2560 wrote to memory of 3004	2560	525fa299b7518b873d27bd73ff228654.exe	20

C:\Users\Admin\AppData\Local\Temp\525fa299b7518b873d27bd73ff228654.exe
"C:\Users\Admin\AppData\Local\Temp\525fa299b7518b873d27bd73ff228654.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Users\Admin\AppData\Local\Temp\525fa299b7518b873d27bd73ff228654.exe
  C:\Users\Admin\AppData\Local\Temp\525fa299b7518b873d27bd73ff228654.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\525fa299b7518b873d27bd73ff228654.exe

Filesize
32KB

MD5
a537386f4c18af95438d0484bc00b037

SHA1
5fe24ffb541c4341b3c88c83f51230e54a5a530d

SHA256
d4b86da7103c4591d28413fb00cd42a2d978c0055917ea95e762ea8dcaadfa50

SHA512
191b7481191b903f0a7882d20981f4e4b2ebb2d529ac542db097b5d0fecad7a49b5c8617038d4df66ba72460e945fa200dd663c303f70d8e2ac5ed0e21ac5032

Download Submit
\Users\Admin\AppData\Local\Temp\525fa299b7518b873d27bd73ff228654.exe

Filesize
64KB

MD5
5af514321acc320d90dbd370f8569f1f

SHA1
aca0be6222c12f3055bb8bfaff8b32b87c9c2a23

SHA256
9a887030b846352fac833663364422310833a36fe1569bc761c23a7f3dfc1a47

SHA512
607c8a6b5ab079e29b035d0db7aac2a2f8d433b9a2f570274b9e7a847bab9494b1d00c4d0ab76c1cfad2d1601095a8a1fbd01844279067cb12fd05671ab2cf12

Download Submit
memory/2560-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2560-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2560-1-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2560-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2560-12-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/3004-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3004-28-0x00000000003C0000-0x00000000003DB000-memory.dmp

Filesize
108KB

Download
memory/3004-18-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download